Windows configuration audit

The objective of a configuration audit is to analyze the technical implementation of good security practices in order to verify their compliance with the state of the art and with the auditee's internal rules. Our recommendations are based on our R&D as well as on the following hardening guides:

  • ANSSI
  • CISecurity
  • NIST
  • Microsoft

Below are some of the checks performed by our auditors:

  • Remote administration
    • Remote administration services
    • Accounts authorized to administer
    • Authentication encryption
    • Administration flow encryption
    • Transfer authorization
  • Authentication
    • Type of authentication
    • List of logins
    • Password analysis
    • Account lockout
    • Complexity requirements
    • Hash algorithm
  • Administration traces
    • Password hashes
    • Command history
    • Temporary files
    • Backup files
    • Network connections
  • Privilege escalation
    • Process injection
</gml_replace>
<gr_replace lines="39" cat="clarify" orig="• Stop">
    • Ability to stop protection
    • Rights on privileged objects
    • Default binaries path
    • DLL hijacking
    • Software restriction bypass
  • Antivirus protection
    • Status
    • Stop protection
    • Antivirus database update
    • Scheduled automatic scan
  • Updates
    • Update method
    • Last update applied
    • Missing patches
  • Scripting
    • Scheduled tasks
    • Services
    • Compiled scripts
    • Configuration files
  • Network
    • Firewall status
    • Default policy
    • Exceptions
    • Protections against MITM attacks
  • File system
    • Read access to sensitive files
    • Write access to runtime environment directories
    • Files readable / writable by all users
  • Event logs
    • Type of events audited
    • Local rotation
    • Export to the network
    • Erasure protection
  • Exposed applications
    • Update policy
    • System account used
    • File system rights
    • Flow encryption
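As an added illustration of the "Default binaries path" and "Write access to runtime environment directories" checks (example code, not the audit team's own tooling), the following PowerShell enumerates the machine-wide PATH and reports entries that principals other than an assumed trusted set can write to; the trusted list is an assumption to adapt to the auditee.

```powershell
# Added example: report machine PATH directories writable by non-privileged principals.
# A writable PATH entry is a finding because binaries or DLLs placed there may be
# resolved by privileged processes (the "Default binaries path" / "DLL hijacking" checks).

# Principals expected to hold write rights on system directories (assumption; adjust
# to the auditee's environment). Any other identity with write rights is reported.
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')

# Rights that allow creating or replacing files inside the directory.
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl

# Machine-level PATH only; per-user PATH entries are out of scope for this check.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    Where-Object { $_ -ne '' } | Select-Object -Unique

foreach ($dir in $machinePath) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist should simply be removed from PATH.
        [pscustomobject]@{ Directory = $dir; Finding = 'Directory missing; remove stale PATH entry' }
        continue
    }
    $acl = Get-Acl -LiteralPath $dir
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeMask) -ne 0) {
            [pscustomobject]@{
                Directory = $dir
                Finding   = "Writable by $($ace.IdentityReference.Value) ($($ace.FileSystemRights))"
            }
        }
    }
}
```

Run it from an elevated prompt so that Get-Acl can read every directory; an empty result means no PATH entry is writable outside the trusted set.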