Configuration audit

We analyze the configuration of both hardware and software devices deployed and associated with the audited information system. These devices may include network equipment, server or client operating systems, applications or security products. Our objective is to understand the technical implementation of existing security practices in order to verify whether they comply with the state of the art, regulatory and legal requirements related to the systems environment and use.

Windows configuration audit

The objective of a configuration audit is to analyze the technical implementation of good security practices in order to verify their compliance with the state of the art and with the internal rules of the auditee. Our recommendations are based on our R&D as well as on the following reinforcement guides:

  • CISecurity
  • NIST
  • Microsoft

AS/400 configuration audit

The security audit of an AS / 400 (also known by different names: IBM i, iSeries, System i) is both an intrusion test and a configuration audit, the objective being to:

  • Check the robustness of the system in the face of real attacks
  • Check the implementation of good security practices

For this we rely on our R&D as well as the hardening guides from IBM.

Our methodology to audit the configuration of Unix/Linux systems

The objective of this audit is to verify the correct configuration of your Unix / Linux systems, in compliance with your internal standards and good practices existing in all the diversity of this family of operating systems.