About

Prior to going live with a new system, Pākiki can review the configuration of the servers/infrastructure to ensure that appropriate security controls are in place, and to identify if it is likely that an attacker could get privilege escalation on a system if it were to be compromised. Additionally, before deploying a new image to endpoints, Pākiki can review it to ensure that appropriate security controls are in place to prevent common attacks.

How we can help

Pākiki can carry out configuration reviews of servers, desktop and some networking hardware. The particulars of the review will depend on the type of device, and your requirements, but the review could include:

• A review to ensure that all reasonable built-in security controls are enabled and configured appropriately.
• Practical attempts to identify and/or exploit privilege escalation paths that an attacker may use if they were to compromise the system.
• Reviews against particular benchmarks or standards.

What you get

At the end of the engagement, you’ll receive a written report, detailing:

• At a high level, what key issues were identified, and what they mean to the business.
• Detailed descriptions of all issues which were identified, including reproduction steps, and how you can remediate them.

Process

All of our engagements follow a similar process:

1. We start by scoping the engagement, understanding what you're looking for, discuss the technologies and platforms in use, and any key concerns that you may have. From this, we produce a Statement of Work detailing the effort required, cost, any prerequisites, and our approach to the engagement.
2. Once the Statement of Work is signed, we'll work with you to schedule the work.
3. Prior to the engagement starting, we'll be in touch to organise any prerequisites we require and where practical will test these prior to the engagement. This will ensure the engagement commences on time.
4. The consultant will start the engagement and will provide regular updates. Any high or critical severity issues will be notified when they are found.
5. At the end of testing, a report will be produced and provided.
6. A close-out meeting is held to provide any additional context around the business impact of what we identified, and to provide a chance for any further questions on how to remediate what was found.
7. Optional Retesting can be carried out in order to ensure that any vulnerabilities have been successfully remediated.

Get in touch

To find out more: