System Hardening for a listed Software Company - Cyber Security Case Study

Scenario

The organization contracted us to conduct a hardening exercise to make their environment more secure. The client assigned us certain machines to harden and to prepare a checklist containing the end results for. Because of the COVID-19 pandemic, the exercise was performed remotely, and we completed the assignment over VPN connectivity.

Testing methodology

Hardening is the process of reducing the attack surface. We logged into the in-scope machines and manually checked open ports, policies, installed applications, the firewall and much more, in order to cover all aspects of hardening.
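The checks named above can be recorded as a pass/fail checklist per machine. The following is an added example, not the tooling used in this engagement; the baseline values, host name, application names and inventory are all constructed for illustration.

```python
from datetime import date

# Constructed baseline and host inventory (assumed values, not from the engagement).
BASELINE = {
    "allowed_ports": {443, 3389},
    "min_versions": {"archiver": "23.1", "webserver": "2.4.58"},
    "max_patch_age_days": 35,
    "policies": {"anonymous_enumeration": False, "firewall_enabled": True},
}
HOST = {
    "name": "srv-app-01",
    "listening_ports": {21, 443, 3389},
    "installed": {"archiver": "23.1", "webserver": "2.4.6"},
    "last_patch": date(2020, 1, 14),
    "policies": {"anonymous_enumeration": True, "firewall_enabled": True},
}

def ver(text):
    """Parse a dotted numeric version so 2.4.6 compares lower than 2.4.58."""
    return tuple(int(part) for part in text.split("."))

def audit(host, baseline, today):
    """Return checklist rows as (check, status, detail) tuples."""
    rows = []
    def add(check, ok, detail):
        rows.append((check, "PASS" if ok else "FAIL", detail))
    # Open ports: anything listening outside the allowlist is extra attack surface.
    extra = sorted(host["listening_ports"] - baseline["allowed_ports"])
    add("open ports", not extra, f"unexpected listeners: {extra}")
    # Installed applications: compare each against the minimum supported version.
    for app, minimum in sorted(baseline["min_versions"].items()):
        have = host["installed"].get(app)
        if have is not None:
            add(f"application {app}", ver(have) >= ver(minimum),
                f"installed {have}, minimum {minimum}")
    # OS patch level: days since the last security update was applied.
    age = (today - host["last_patch"]).days
    add("OS patch level", age <= baseline["max_patch_age_days"],
        f"last patched {age} days ago")
    # Policies: firewall state and settings that expose information to enumeration.
    for key, want in sorted(baseline["policies"].items()):
        got = host["policies"].get(key)
        add(f"policy {key}", got == want, f"expected {want}, found {got}")
    return rows

if __name__ == "__main__":
    for check, status, detail in audit(HOST, BASELINE, date(2020, 6, 1)):
        print(f"{HOST['name']:<12}{status:<6}{check:<32}{detail}")
```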

Risks Found

An outdated application, easy to exploit with publicly available exploits, which could lead to system takeover. An OS with missing security patches and updates, making the system vulnerable to complete takeover. Low-level group policy configuration that helps an attacker identify the attack surface, including open ports, system information and user enumeration.