configuration audits

Configuration methodology

Synetis can run Configuration Audits of the software and hardware components of your IS. The goal of such audits is to proactively identify configuration-related directives that could reduce security whilst ensuring that current configurations comply with the target architecture.

For these audits, the methodology is based on our R&D as well as on the hardening guides provided by the software vendor of the audited solution (Windows, Linux, etc.), plus any guides provided by ANSSI or CIS.
For example, our audits can cover, among others, Active Directory solutions, Windows operating systems (7, 8, 10, Server 2003, 2008, 2012, 2016), any Linux operating system, MySQL databases, Microsoft SQL Server, Oracle SQL, etc. Below, by way of illustration, we see some recommendations resulting from a configuration audit:
  • Audit Active Directory
  • Changed unwanted rights that emerged after installing Windows Server 2016 (AD PREP bug)
  • Change the composition of the privileged groups
  • Implement a third-party administration model
  • Reinforce the audited elements in the audit policy
  • Etc.
  • MySQL Audit
  • Install MySQL outside system partitions
  • Verify that the variable MYSQL_PWD is not used as environment variable.
  • Disable interactive MySQL user login
  • Check that the variable MYSQL_PWD is not used in user profiles
  • Etc.
In a broader sense, Synetis also carries out (tele)work environment audits, based on a study of the configuration of a corporate workstation. The goal of such audit is to verify the hardening of the configuration (as per state of the art rules) and possible flaws that could allow an attacker or a malicious collaborator to obtain an increase in privileges.

Build your

Cybersecurity

with Synetis!