Configuration audit

Accueil » Offensive Cyber » Configuration audit

Share of security breaches due to misconfiguration of cloud services
Source : Palo Alto


Share of companies that have ever had a vulnerability due to equipment misconfiguration
Source : VMWare


Share of companies with at least one critical configuration failure
Source : ThreatStack

Incorrect configuration is a vulnerability

A security device consists of hardware, software and its configuration in the target environment. This same device becomes a source of vulnerability when it is not properly configured.

More than 100 million Android users’ data exposed in a leak due to misconfiguration of cloud services

Source : Checkpoint

Interested in checking the configuration of your devices?

We propose the verification of the configuration of your equipment and security solutions through :

  • Identification of the scope and sampling of components to be audited;
  • Preparation of checklists adapted to the systems and their versions;
  • Collection of configuration files when possible;
  • Consultation of the configurations on site or execution of the orders;
  • Documentation of findings and recommendations.

This audit aims to identify faulty and vulnerable settings that could expose the systems. The configuration audit is done according to the following guidelines:

  • CIS (Center for Internet Security) benchmarks;
  • Vendor recommendations;
  • Best practices (SANS, NIST, …).

The configuration audit generally covers : Network components (Switch, router, firewall), operating systems, servers, applications and Databases..

Need advice to help you in your projects?