Internal hosts can be vulnerable to a number of attacks if they are not tested through means other than network assessment. An application running on a critical server may allow an attacker access. Host Security Assessments are critical but frequently are not done on a scheduled, timely basis. In many organizations, a baseline host configuration standard is not used, or critical servers are placed on the network before being tested for vulnerabilities either in the operating system or the applications running.
Solution Host Security Assessment is used to determine the security posture of critical servers in your environment. We conduct automated tests of the operating system and application-level security issues and check administrative and technical controls. Identified weaknesses and potential weaknesses are mapped against the risk level to the organization and recommendations are made. We analyze your host security policies and procedures and your risk classification standards for information assets. Key areas we look at include but are not limited to:
The key servers that are selected for diagnostic review will cover the following aspects of security: