System Audit

An IT infrastructure consists of different systems and the security of the individual systems has a great influence on the overall security. An attack will typically take place via different systems such as workstations or clients, databases and servers. The local security of each of these systems can massively limit the attacker's options and ideally prevent further propagation. In a system audit, these systems are checked for their security and hardening measures. A well hardened workstation or server can nip an attack in the bud.

The system examined can be a Windows client or server, Unix client or server, or even a virtual desktop. The systems are checked using the CIS benchmark, whereby a special focus can be set, for example on privilege escalation or attacking other users. Firewalls, IAMs, etc. can also be examined for possible vulnerabilities based on their configuration.

If the following questions are still open in your company, a system audit is recommended:

  • Are our regular user laptops sufficiently hardened against attacks?
  • Was our network zone concept implemented correctly when configuring our firewalls?
  • What can an attacker do from our virtual desktop?
  • Are our administrators at risk on our privileged access workstations?

Process

Scoping

Goal and scope

The purpose of the scoping meeting is to define the objectives of the system audit and to transfer sufficient knowledge about the systems to be tested so that the offer can then be prepared on the basis of this knowledge. The questions mostly revolve around the purpose of the system, different users and roles, test depth and test scenarios.

Offer

Agreement

The offer is prepared on the basis of the scoping meeting. In addition to the objectives, methods, price and general conditions, it also contains a suggested timeframe for execution. Of course, nothing is set in stone and the offer will be adapted to your needs. In principle, we always charge according to the actual effort involved.

Kick-Off

System overview

In a meeting, an overview of the system to be tested is developed together with the responsible persons. Questions about access, different users, etc. are clarified here.

Access

Test device

The system audit requires access to the system. This can be a work notebook or access to a server via remote access. It is advisable to keep the setup as close as possible to the employees' regular environment and to the way an attacker could gain access to the system, for example via a C2.

Test

Execution

The same tools and methods used by a real attacker are used to search for possible vulnerabilities, misconfigurations or missing hardening measures on the system.

 

Report

Report writing

The results are summarized and evaluated. Measures are proposed for all risks and their priority is recorded. The report also contains information about the tools and methods used, so that they can be reused in the future.

Closing

Final discussion

A closing meeting ensures that the results and measures from the test can be understood and implemented. Since questions usually only arise during the remediation, we are of course always available for further queries and are happy to provide information.

Deliverables

All results are submitted in a final report (PDF, Excel and JSON) and made available via the Mesher platform. This is where the real work begins. Cybersecurity can only be increased if measures are also implemented. Therefore, it is a key concern for us that the findings from the tests arrive at the right place in the right format and that media breaks are eliminated.

PDF
The final report in PDF format contains an introductory section, executive summary, tools and methods, test details, positive aspects and passed requirements, results and measures with detailed description, categorization and prioritization.
 
EXCEL
The Excel file contains all results and measures with detailed description, categorization and prioritization. Thanks to the editable format, this list is suitable for further processing of the results, and additional information can easily be added.

JSON
The JSON file contains all results and measures with detailed description, categorization and prioritization. The JSON format is the most common format for automated further processing of information and can often be fed into existing tools with little effort.
 
Report

Categorization

We categorize all findings according to their probability of occurrence and impact. If required, the CVSS score can also be calculated for each vulnerability.

Report

Executive Summary

Each report contains an Executive Summary, in which the results and recommended measures are summarized on one page and illustrated in diagrams.


Mesher

Via Mesher, your current security level is recorded and you can view the return on investment for the various measures. All results are also visualized here and can be linked to existing tools thanks to integrations. With the platform, technical measures can be assigned directly, as tasks, to the appropriate people, which enables agile work without media breaks.
