MS Windows Security Audit

Microsoft Windows configuration security audit

Nowadays, when most of information are processed electronically, servers and personal computers security is the key technical measure in an information security area. Our MS Windows system configuration security audit service finds out security weak points and helps you to apply technical recommendations to remove them.

We can help you at the beginning to reduce potential attacks from internal network and to find out an optimal balance between security and operation needs. From our side, security audit is documented in such form, which enable customers to evolve this area internally.

Supported systems

Platforms, which are supported by our audit services:

  • Microsoft Windows 2000, 2003, 2008, XP, Vista, Windows 7.
  • We support 32-bit and 64-bit platforms (AMD64 and IA64).
  • Domain controllers security audit includes Active Directory review.
  • Similarly we evaluate workstations (PCs, notebooks), where we review end-user security.

Security audit needs short configuration data collection (less than 1 hour) on an audited server – remote access is sufficient. Data collection is made with server administrator’s assistance via administrator’s account. Collected configuration data are processed outside of a customer’s seat.

Audit scope

MS Windows system configuration security audit usually includes following areas:

1. HW Platform and OS Basic Info
2. OS hotfixes and patches, automatic update settings
3. Automatic update configuration
4. Installed Software
5. Excessive or Problematic system services
6. Access Rights - Services and Drivers
7. Other Automatically Launched Programs
8. Password Parameters and Account Policy
9. Security Parameters
10. System Logs
11. Security Privileges Configuration
12. Problematic / Risky User Accounts
13. Local Group Membership
14. Access Rights – files, registry, shared resources
15. Network Configuration
16. Open Ports (TCP/UDP)
17. Network Services Configuration (WWW, mail, Terminal Services, etc.)

In the case of special customer’s requirements we are prepared to change scope and depth of the audit accordingly.