Configuration Review Services

Ensure that servers and network devices are securely configured
Get Instant Quote
Configuration Review Services

What is Configuration Review?

Configuration reviews can help ensure that servers and network devices are securely configured, and alert you to any errors and misconfigurations. While vulnerability assessments and penetration testing provides an analysis from an external point of view, configuration reviews provide an in-depth view from within your servers and network devices.


Server Configuration Review


To detect insecure configurations in the server operating system and commonly used software.

Network Configuration Review


To detect insecure configurations in the operating system of network and security devices.

Workstation Configuration Review


To detect insecure configurations in the operating system of end user computers.

Configuration Review Process

Configuration Review Process - Scan


Run scanning tools or conduct manual review to detect potential misconfigurations.

Configuration Review Process - Verify


Perform manual verification to confirm validity of detected misconfigurations.

Configuration Review Process - Report


Analyze issues against best practices and recommend corrective action.

Configuration Review Process - Retest


Verify if previously detected issues have been fixed adequately.

Frequently Asked Questions

How do you perform the configuration analysis?

For target systems supported by our scanning tools, there are a two options depending on the specific product:

  1. Direct network access: Our scanning tools must be able to access the target system over the network. This may require physical onsite access or remote access (e.g. VPN). Administrative access is required to extract the configuration. We will require either a test administrator account or your administrator can input their credentials into the tool during the scanning.
  2. Configuration export: Our scanning tool can import configuration files from some specific products for offline analysis.

For target systems not supported by our scanning tools, we will arrange a screen-sharing session with your administrator and review the configuration parameters via the system administrative interface.

What best practices do you use?

We adopt the CIS Benchmarks where available from the Center for Internet Security or the Security Technical Implementation Guides (STIGs) from the U.S. Defense Information Systems Agency (DISA) or security guidelines published by the product vendor.

What if I have my own configuration standards?

We can conduct the review based on your standards provided that the configuration parameters are specific and non-ambiguous.

What tools do you use?

We use both commercial and open source tools including Tenable Nessus Pro, Microsoft Security Compliance Toolkit, etc.

Yes, we are CREST accredited

Our core team is based in Singapore and consists of CREST certified penetration testers who are also Offensive Security Certified Professional (OSCP) certified. The team has delivered numerous penetration testing projects for customers in Singapore and other locations, from large multinational enterprises to small and medium business, and across various industries.

CREST Penetration Testing (VAPT)

How can we help?

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

× How can I help you?