Configuration audit

A configuration audit to prevent misconfigurations and reinforce the security of your Information System

Purpose of a configuration audit

The configuration audit consists of analyzing the configuration of your equipment to verify the integration of security mechanisms and reduce the attack surface.

This assessment may be based on the manufacturer's security recommendations, on ANSSI or CIS guidance, or on an internal reference framework.

Interviews may be necessary to assess the relevance of the analysis to operational constraints.

Benefits expected from a configuration audit

The benefits of a configuration audit include:

  • An assessment of the quality of your system configuration by a recognized, independent audit firm;
  • A better understanding of the functionalities exposed by your systems;
  • An action plan for upgrading the security of your equipment, taking into account the risks identified and the complexity of implementing the recommendations.

As Synetis is a PASSI-qualified company, the configuration audit can be carried out under this qualification as defined by ANSSI. This applies, for example, to the audit of a Restricted Diffusion network or a SecNumCloud qualification.

Configuration audit methodology

After determining the configuration points to be assessed, the auditors compare the configuration of the audited equipment with the security recommendations. This detailed analysis of configuration faults enables them to identify relevant metrics for risk assessment and treatment.

Synetis carries out configuration audits of the various building blocks of your Information System, software and otherwise.

In addition to relying on appropriate and recognized security standards (ANSSI, CIS), our approach is also based on feedback from our technical experts in charge of integrating security solutions.

We cover configuration audits for a wide variety of systems, including:

  • Microsoft Active Directory;
  • Microsoft Windows (10, 11);
  • Microsoft Windows Server (2003, 2008, 2012, 2016, 2019 and 2022);
  • Linux servers;
  • Databases (MySQL, MSSQL, Oracle, …);
  • Cloud environments (AWS, Azure, GCP, …);
  • Security components, such as firewalls, proxies, PAM (Privileged Access Management) solutions, etc., an approach that can complement a target Information System architecture audit.

In a broader sense, Synetis also carries out audits of telecommuting or work environments, based on a study of the configuration of a corporate workstation. The aim of this type of audit is to verify that the configuration has been hardened (according to state-of-the-art rules) and to identify any loopholes that could enable an attacker or malicious employee to gain elevated privileges.

This type of audit can also be complemented by a hardware audit, which validates the choice of hardware and "low-level" configurations (BIOS…).

Some examples of technical recommendations

By way of illustration, here are a few recommendations resulting from our configuration audit work:

Active Directory audit

  • Modify unwanted rights that have appeared following the installation of Windows Server 2016 (AD PREP bug);
  • Modify the composition of privileged groups;
  • Set up a third-party administration model;
  • Reinforce the audited elements in the audit policy.

Web server audit

  • Disable directory listing and file system access rights for Web servers;
  • Manage exposed HTTP verbs;
  • Configure session cookies to manage the duration of a session.

Cloud audit

  • Enable dual authentication for administration accounts;
  • Set up default network filtering for VPCs;
  • Define logging filters for certain security events (group changes, access control modifications, etc.).

Contact our Synetis experts for more information on configuration audits to improve your cybersecurity!

Incident response

CERT contact details

Mail: cert@synetis.com

Telephone: 02 30 21 31 04

USER ID : CERT SYNETIS

KEY ID : 2F6F A FE30 7877

PGP key fingerprint: 8D8ACAAC20557C7C1FF58332F6FA110FE307877

CERT Synetis is in the process of obtaining PRIS (Prestataires de Réponse aux Incidents de Sécurité, i.e. security incident response providers) qualification from ANSSI (the French national cybersecurity agency).
