Host Compliance Audit
A host compliance audit evaluates a device (workstation, server, etc.) for security best-practices. Our specialists will evaluate the security of the device through measures such as attempting to boot alternate media, evaluating endpoint security solutions against malware, reviewing firewall configurations, reviewing patch management, and more.
Our Methodolody
All testing performed are based on the NIST SP 800 - 115 Technical Guide to Information Security Testing and Assessment, OWASP testing Guide and checklist (v4) plus other customized testing frameworks.
PLANNING
Customer goals are gathered and rules of engagement obtained.
DISCOVERY
Perform scanning and enumeration to identify potential vulnerabilities, weak areas and exploit.
ATTACK
Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.
REPORTING
Document all found vulnerabilities and exploits, failed attempts, company strengths and weaknesses.
Thorough Testing
Activities performed during testing include but not limited to:
Full disk encryption testing
Process monitoring / control testing
USB restriction testing
Web traffic proxy testing
Intrusion detection / prevention testing
Application whitelisting testing
Ant-virus (host) testing
Email filter testing
Other testing depends on specific customer content and footprint