A configuration review is a security assessment focused on identifying misconfigurations that could lead to security risks.
Unlike traditional penetration testing, this review is a deep-dive into security controls, policies, and best practices to ensure compliance and resilience.
Azure powers identity, compute, and data services at scale. Organisations depend on it for user access control and infrastructure management. Misconfigurations can expose data or disrupt services. Our review ensures your Azure setup aligns with security best practices to protect resources and access.
High-Level Overview
Identity & Access Management
We evaluate Microsoft Entra ID configurations, multi-factor authentication settings, conditional access policies, privileged identity management, and guest user restrictions to ensure proper authentication and authorisation controls are in place.
Network Security
We assess virtual network configurations, network security groups, public IP restrictions, Azure Bastion implementation, and private endpoint usage to protect cloud resources from unauthorised network access.
Monitoring & Logging
We analyse encryption implementations, key vault configurations, storage account security, backup policies, and sensitive data handling to safeguard critical information assets in Azure environments.
Resource Security
We examine resource locks, security default settings, service-specific security controls, and resource protection mechanisms to prevent unauthorised modification or deletion of critical Azure components.
Compute & Container Security
We verify virtual machine security controls, Azure Databricks configurations, encryption settings, and access restrictions to maintain secure compute environments.
Security Services Configuration
We assess Microsoft Defender plan activation, attack surface monitoring, threat protection features, and security posture monitoring to maximise Azure's built-in security capabilities.
Storage Services Security
We evaluate storage account protections, file share security, blob storage controls, and encryption settings to ensure proper protection of data at rest and in transit.
*test cases may vary between different environments
Microsoft 365 unifies productivity, communication, and cloud storage, holding critical business data and access controls. Misconfigurations can lead to data leaks, account compromise, or email threats. Our review ensures strong security controls and effective threat detection to protect your organisation.
High-Level Overview
Identity & Access Management
We evaluate Microsoft Entra ID settings, multi-factor authentication implementation, conditional access policies, authentication methods, and administrative account configurations to ensure proper access controls throughout your Microsoft 365 environment.
Email Security
We assess Exchange Online protection features, anti-spam/anti-phishing controls, SPF/DKIM/DMARC configurations, mail flow rules, and modern authentication to protect against email-based threats and unauthorised access.
Data Protection
We analyse data loss prevention policies, SharePoint and OneDrive sharing controls, external access restrictions, information protection settings, and guest user management to prevent unauthorised data leakage.
Threat Protection
We review Microsoft 365 Defender configurations, Safe Links and Safe Attachments settings, anti-malware policies, and threat protection features to detect and respond to security threats effectively.
Collaboration Security
We examine Microsoft Teams security settings, external access controls, file sharing restrictions, and guest user limitations to ensure secure collaboration across your organisation.
Audit & Compliance
We verify audit logging configurations, mailbox auditing settings, Microsoft Purview controls, and retention policies to maintain compliance and support security investigations.
Application Management
We assess application consent settings, third-party integration controls, app permission policies, and add-in restrictions to prevent unauthorised application access to organisational data.
Device Management
We review device access policies, conditional access device controls, managed device requirements, and mobile device security settings to secure access from various endpoints.
*test cases may vary between different environments
AWS powers global infrastructure, identity, and data services across multi-account environments. Misconfigurations, like open S3 buckets or weak IAM, can expose data and hinder incident response. Our review ensures your AWS setup enforces strong security and access controls to protect cloud assets.
High-Level Overview
Identity & Access Management
We evaluate IAM user configurations, root account restrictions, password policies, MFA implementation, and access key management to ensure proper authentication and authorisation controls are in place.
Storage Security
We assess S3 bucket configurations, RDS instance security, EBS volume encryption, and EFS file system protections to safeguard data stored in AWS environments from unauthorised access or exposure.
Logging & Monitoring
We review CloudTrail settings, AWS Config implementation, VPC flow logging, S3 object-level logging, and CloudWatch alerts to maintain visibility into environment activities and potential security incidents.
Network Security
We analyse VPC configurations, security group settings, network ACLs, EC2 metadata service settings, and remote administration port restrictions to protect cloud resources from unauthorised network access.
Encryption & Key Management
We examine KMS configuration, CMK rotation settings, encryption implementation for data at rest, and proper key management practices to ensure cryptographic protection of sensitive information.
Compliance & Governance
We verify AWS Security Hub enablement, AWS Organizations settings, federation implementation, and multi-account management to ensure consistent security controls across the AWS environment.
Resource Protection
We evaluate resource configurations, EC2 instance security, trusted network access definitions, and service-specific security controls to prevent unauthorised modification or access to critical AWS components.
Access Monitoring
We assess monitoring for unauthorised API calls, console sign-ins without MFA, root account usage, and security configuration changes to detect and respond to potential security incidents promptly.
*test cases may vary between different environments
GCP provides scalable services for compute, storage, and analytics. Misconfigurations, like open buckets or overprivileged accounts, can expose sensitive data. Our review ensures your GCP setup follows best practices to secure access, monitor threats, and protect critical resources.
High-Level Overview
Identity & Access Management
We evaluate IAM user configurations, service account controls, API key restrictions, multi-factor authentication implementation, and cryptographic key management to ensure proper authentication and authorisation throughout the GCP environment.
Logging & Monitoring
We assess Cloud Audit Logging settings, log metrics and alerts, retention policies, Cloud Asset Inventory, and Access Transparency to maintain comprehensive visibility into environment activities and security events.
Network Security
We analyse VPC configurations, firewall rules, SSH/RDP restrictions, DNS security settings, load balancer configurations, and VPC flow logging to protect cloud resources from unauthorised network access.
Compute & VM Security
We review virtual machine configurations, service account usage, Shielded VM implementation, OS login settings, public IP restrictions, and encryption controls to secure GCP compute resources.
Storage Protection
We evaluate Cloud Storage bucket access controls, BigQuery dataset security, uniform bucket-level access, and customer-managed encryption key implementation to prevent unauthorised data access or exposure.
Database Security
We examine Cloud SQL instance configurations, database flag settings, connection security, automated backups, and authentication controls to ensure proper protection of database resources.
Encryption Management
We assess Cloud KMS configurations, key rotation settings, customer-managed encryption key implementation, and secret management practices to ensure cryptographic protection of sensitive information.
Service-Specific Controls
We verify security configurations for specialised services like Dataproc, App Engine, and BigQuery to ensure consistent security controls across all utilised GCP services.
*test cases may vary between different environments
Mobile devices extend your network perimeter and access sensitive data across apps and networks. Without proper controls, they risk data leaks, unauthorised access, or compromised connections. Our review ensures mobile policies enforce encryption, app control, and secure access to protect corporate data.
High-Level Overview
Device Security Controls
We verify device lock mechanisms, authentication settings, biometric configurations, screen timeouts, and device encryption to protect against unauthorised physical access to devices and the sensitive data they contain.
Application Management
We evaluate app installation restrictions, developer options, third-party keyboard limitations, app permissions, and update enforcement to reduce the risk of malicious applications and ensure secure operational environments.
Data Protection
We assess backup encryption, iCloud security settings, data transfer restrictions between managed/unmanaged environments, and document access controls to prevent unauthorised data leakage or exposure.
Network Security
We analyse Wi-Fi configurations, VPN implementations, Bluetooth security, MAC address randomisation, and secure connection requirements to protect device communications from interception or exploitation.
Privacy Controls
We review location tracking settings, advertising identifiers, diagnostic data collection, notification privacy, and analytics sharing to minimise unnecessary data exposure and protect user privacy.
Device Management
We examine configuration profile settings, remote management capabilities, device tracking features, remote wipe functionality, and MDM restrictions to ensure device compliance with organisational policies.
System Integrity
We assess system update enforcement, jailbreak/root detection, integrity verification, automatic date/time configurations, and device firmware status to maintain the security posture of mobile devices.
*test cases may vary between devices
VMware enables efficient, isolated virtual environments for critical workloads. Misconfigurations can lead to VM escapes, hypervisor risks, or unauthorised access. Our review assesses host settings, access controls, network isolation, and logging to secure your virtualised infrastructure.
High-Level Overview
Hardware Security
We verify firmware security, TPM configuration, secure boot implementation, and hardware management controller settings to ensure a secure foundation for the virtualisation environment.
Host System Configuration
We assess ESXi security baselines, software update compliance, services activation status, account management, and lockdown modes to protect the hypervisor from unauthorised access or compromise.
Virtual Machine Security
We analyse VM configuration settings, device controls, isolation mechanisms, encryption requirements, and console access restrictions to prevent unauthorised VM access and data exposure.
Network Security
We review virtual switch configurations, network traffic policies, firewall settings, port security, and management network isolation to protect virtualised network communications.
Storage Security
We evaluate storage isolation, datastore configurations, storage communications security, and SAN protections to ensure proper segregation and protection of virtualised storage resources.
Authentication & Access Controls
We examine authentication settings, password policies, account restrictions, session timeout configurations, and privilege management to restrict hypervisor and VM access to authorised users.
Logging & Monitoring
We assess logging configurations, persistent log storage, log transmission settings, audit record retention, and security event monitoring to maintain visibility into environment activities.
VMware Tools Security
We verify VMware Tools versioning, update settings, feature controls, and logging configurations to ensure secure integration between VMs and the hypervisor environment.
Databases hold sensitive business data and are prime targets for attackers. Misconfigurations can lead to unauthorised access or data leaks. Our review assesses security settings, access controls, auditing, and encryption to ensure your databases are properly protected.
High-Level Overview
Installation & Infrastructure
We verify secure installation practices, package integrity, proper patching, and appropriate file system permissions while ensuring databases are properly isolated from system partitions for enhanced security.
Authentication & Access Control
We evaluate user privilege management, password policies, service account permissions, third-party authentication integration, and row-level security implementation to prevent unauthorised access.
Network Security
We assess interface binding, TLS/SSL implementation, client connection security, replication traffic protection, and connection limiting to protect your databases from network-based attacks.
Logging & Auditing
We review audit logging configuration, log file security, retention policies, error logging, and monitoring of critical security events to ensure visibility of potential security incidents and compliance with regulatory requirements.
Data Protection
We evaluate encryption for data-at-rest and data-in-transit, backup security, key management, data masking controls, and protection against SQL injection to safeguard your most sensitive information.
*test cases may vary between different databases
Web servers are public-facing and handle requests, authentication, and access to backend systems. Misconfigurations can expose data or allow attacks like injection or unauthorised access. Our review ensures secure setup, access controls, encryption, and logging to protect your web infrastructure.
High-Level Overview
Installation & Configuration
We verify secure installation practices, ensure web content is stored on non-system partitions, validate server configurations, and confirm that only required modules and components are enabled to minimise the attack surface.
Authentication & Authorisation
We evaluate access control mechanisms, authentication methods, session management, credential storage practices, and permission settings to prevent unauthorised access to web server resources and administration interfaces.
File Permissions & Ownership
We assess file system permissions, directory access controls, user context configurations, and privilege restrictions to ensure web servers operate with minimal necessary privileges and protect sensitive configuration files.
Information Leakage Prevention
We review server headers, error handling configurations, server signatures, and content disclosures to prevent information exposure that could aid attackers in targeting your web services.
Encryption & Transport Security
We analyse TLS/SSL implementations, cipher suite configurations, certificate management, HTTPS enforcement, and secure protocol settings to protect data in transit.
Denial of Service Protections
We evaluate timeout settings, connection limits, resource allocation configurations, and request size restrictions to safeguard against availability attacks.
Logging & Monitoring
We review logging configurations, log storage security, error handling settings, and audit trail completeness to ensure visibility into security events and support incident response capabilities.
Request Handling & Input Validation
We examine HTTP method restrictions, request filtering, content length limits, and input validation controls to protect against malformed requests and common web application attacks.
*test cases may vary between different web servers
Network devices manage data flow and enforce security boundaries across your environment. Misconfigurations can expose interfaces, bypass controls, or weaken segmentation. Our review checks access, hardening, logging, and filtering to ensure secure, well-managed network infrastructure.
High-Level Overview
Device Access Control
We evaluate authentication mechanisms, password policies, session timeout settings, administrative access restrictions, and management interface security to prevent unauthorised access to network devices.
System Hardening
We assess firmware integrity, service configurations, unused interface disablement, banner notifications, and system resource protections to reduce the attack surface of network devices.
Logging & Monitoring
We review logging configurations, SNMP settings, syslog transmission, log retention policies, and monitoring alerts to ensure visibility into security events and device operations.
Network Security Controls
We analyse firewall rules, traffic filtering, intrusion prevention settings, DNS security, and anti-malware capabilities to protect against network-based threats and unauthorised traffic.
Secure Communications
We examine encryption implementations, secure protocol usage, certificate validation, VPN configurations, and management traffic protection to safeguard data in transit.
High Availability & Resilience
We verify redundancy configurations, failover settings, device synchronisation, and backup procedures to ensure continuous network service availability.
Time Synchronisation
We assess NTP configurations, time source authentication, time zone settings, and clock synchronisation to maintain accurate time references for operations and logging.
Threat Protection
We evaluate advanced security features like URL filtering, application control, data loss prevention, and threat intelligence integration to detect and prevent sophisticated attacks.
*test cases may vary between different devices
Web browsers access internal and external resources, often handling sensitive data. Poor configurations can lead to credential theft, malicious extensions, or drive-by attacks. Our review checks security settings, privacy controls, and update mechanisms to protect users from web-based threats.
High-Level Overview
Security Controls & Features
We assess SmartScreen configurations, malware site blocking, phishing protection, download restrictions, and browser security features to protect users from web-based threats and potentially malicious content.
Privacy & Data Protection
We evaluate tracking protection settings, cookie handling, autofill configurations, credential storage practices, and data collection controls to prevent unauthorised access to personal information and limit data exposure.
Content Security
We examine JavaScript controls, pop-up blocking, mixed content handling, WebRTC restrictions, and plugin management to reduce the attack surface from potentially harmful web content and scripts.
Network & Communication
We review SSL/TLS configurations, OCSP settings, network prefetch behaviours, and secure connection requirements to ensure secure communication between browsers and websites.
Extension & Add-on Management
We analyse extension installation policies, auto-update settings, extension permissions, and blocklist implementations to prevent malicious extensions from compromising browser security.
Authentication & Identity
We assess password management settings, form-filling controls, sign-in capabilities, and credential handling to protect user authentication information from unauthorised access or exposure.
Update & Maintenance
We verify automatic update configurations, update frequency settings, and security patch management to ensure browsers maintain current security protections against emerging threats.
*test cases may vary between different browsers
Containers streamline deployment with isolated, consistent environments, but misconfigurations can lead to privilege issues, insecure images, or breakout risks. Our review checks host security, image controls, access, and runtime policies to ensure safe, isolated container operations.
High-Level Overview
Host Security Configuration
We evaluate container host hardening, file system permissions, audit configurations, resource isolation, and kernel settings to ensure the underlying infrastructure provides a secure foundation for containerised workloads.
Container Image Security
We assess image build processes, base image selection, vulnerability scanning practices, and repository security to prevent compromised or malicious containers from being deployed in your environment.
Access Controls & Authentication
We analyse RBAC configurations, service account restrictions, privileged access limitations, secret management, and authentication mechanisms to ensure proper authorisation throughout the container ecosystem.
Network Security
We review network policies, container communication restrictions, port configurations, service exposures, and encryption requirements to protect container traffic from unauthorised access or interception.
Runtime Security
We examine container privilege settings, capability restrictions, resource limitations, namespace isolation, and seccomp/AppArmor profiles to prevent container breakouts and limit potential attack surfaces.
Data Protection
We assess volume security, sensitive data handling, persistent storage configurations, and encryption implementation to safeguard container data from unauthorised access or exposure.
Logging & Monitoring
We verify logging configurations, audit settings, event capture, and monitoring capabilities to ensure visibility into container operations and potential security incidents.
Orchestration Security
We evaluate control plane component security, API server configurations, etcd protection, scheduler settings, and cluster management restrictions to secure the container orchestration infrastructure.
System Integrity
We assess software update enforcement, jailbreak detection, automatic date/time configurations, and device integrity verifications to maintain the security posture of iOS devices.
*test cases may vary between different containerisation environments