We analyze the configuration of both hardware and software devices deployed and associated with the audited information system. These devices may include network equipment, server or client operating systems, applications or security products. Our objective is to understand the technical implementation of existing security practices in order to verify whether they comply with the state of the art, regulatory and legal requirements related to the systems environment and use.
Windows configuration audit
The objective of a configuration audit is to analyze the technical implementation of good security practices in order to verify their compliance with the state of the art and with the internal rules of the auditee. Our recommendations are based on our R&D as well as on the following reinforcement guides:
AS/400 configuration audit
The security audit of an AS / 400 (also known by different names: IBM i, iSeries, System i) is both an intrusion test and a configuration audit, the objective being to:
- Check the robustness of the system in the face of real attacks
- Check the implementation of good security practices
For this we rely on our R&D as well as the hardening guides from IBM.