
System Hardening Review

Assessment & Compliance Services Division


847.221.0200 halock.com

Solution Overview

The servers and client workstations deployed throughout an organization protect the confidentiality, integrity, and availability of sensitive information assets.

The manner in which these systems are deployed plays a key role in information security. Well-planned and standardized hardening procedures and standards, patch management, file system access control, and user access control are several of the areas that are reviewed as part of system configuration security.

Halock will evaluate the configurations of key client and server systems to ensure proper hardening and security configurations. Each system is evaluated using a combination of software tools and manual hands-on review techniques, aimed at identifying security risks connected with the configuration of the operating system and related services.

Each user's access, whether they have only the minimal access required to perform their job duties, and the configuration of the system's security mechanisms are reviewed to ensure the controls enforce appropriate access.

Solution At-a-Glance:

• Evaluate access control and ensure principles of least privilege are utilized
• Evaluate file system security and permissions
• Ensure system configuration adequately protects information assets and does not introduce vulnerabilities into the environment
• Test the operational effectiveness of security policies, procedures, and standards
• Verify deployed systems comply with security requirements as well as internally defined corporate standards
• Ensure access and user activities are adequately monitored, controlled, and limited to the least privileges necessary

Professional Services Included:

• Review of system documentation
• Interview key resources responsible for server management
• Evaluate OS versions and patch levels
• Review system logging and monitoring controls
• Examine running services and associated configurations
• Review account policies and evaluate user rights
• Check file system and registry security
• Review the configuration and enforcement of system-defined security policies (i.e. local security policies and group policies in the case of Windows servers)
• Identify system level remote access protocols and review associated configurations
• Review the security of the primary platform installed, such as IIS or Exchange
• Review the security of remote access, wireless, and end user security

Pricing:

• Pricing varies based on the size, complexity, and depth of testing as well as the type of system reviewed
• Each system reviewed typically ranges from $3,200 to $6,400
• Pricing is adjusted based on the number and type of platforms installed on the operating system (such as Oracle, Exchange, SQL, IIS, etc.)

1834 Walden Office Square, Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com

System Hardening Review—Scope Worksheet

The depth of the effort is performed as follows:


BASIC CONFIGURATION REVIEW
IN DEPTH ANALYSIS OF THE CONFIGURATION

The following documents are typically reviewed. Please indicate additional documents that will be incorporated into the review in the empty boxes:

• OS Configuration Standards
• Access Control Procedures
• Hardening Standards and Procedures

Halock will interview key resources, typically including the following roles. Please indicate additional resources that will be interviewed as part of this process:

• IT Director
• Systems Administrator

HOST | OS | PLATFORM/ROLE
