System Hardening & Configuration Review
By looking at the security controls on specific devices, this review helps you set minimum security baselines across your organization.
The configurations of many network devices and operating systems do not align with industry standard security practices. These insecure configurations introduce risk through default credentials, missing patches and the use of insecure services. In addition, many compliance frameworks, such as the payment card industry (PCI) data security standard (DSS), require hardening standards and periodic configuration reviews to remain in compliance.
RSM’s system hardening and configuration review uncovers gaps and adds mitigation efforts into security baselines that can easily be applied throughout the entire organization. We begin this review by gaining an understanding of the role the device holds within the infrastructure. Based on this, our professionals analyze the asset’s conﬁguration against industry standard practices and hardening techniques. The review identifies exposure and breach-response capabilities by looking at logging and alerting abilities, ingress and egress points, and compensating controls. We also assess the asset’s conﬁguration for the implementation of existing minimum security baselines, use of secure protocols, use of proper patching, identification of known vulnerabilities and overall levels of system access.