While your users engage in their valuable daily work, they are potentially exposing the clients they are using to the Internet, which is why it is of utmost importance to conduct client security audits. From BIOS security, disk encryption and hardware interfaces to operating system configurations and network security, the range of issues to consider reflects the complexity and importance of these audits.
A customized approach based on proven standards is essential for comprehensively assessing the security of your devices. Whether conventional PCs, thin clients, or zero clients, Unix-based systems, or embedded devices—our tests cover a wide range. Careful analysis enables us to make precise recommendations so that you can further increase your cyber resilience. Oneconsult’s goal is to provide you with clear and meaningful results that not only give you an overview of the current security status of your client environment, but also concrete recommendations for action to effectively close existing security gaps.
The Server Security Assessment identifies vulnerabilities in the various attack surfaces of your server environment, such as network connections, physical and logical access, and misconfigurations of the operating system or virtualization layer. Automated tests, manual analyses, and configuration checks are used to identify potential risks and review important security measures. This holistic approach gives you comprehensive insight into the security status of your server infrastructure.
Active Directory (AD) is often referred to as the heart of IT. On the one hand, working or logging in to work is simply impossible if AD is not available. On the other hand, it is also the main target of an attacker in order to gain more rights and thus more (damaging) opportunities and thereby reach further targets. The Oneconsult Active Directory Security Assessment is suitable for both on-premise IT infrastructures and hybrid scenarios, such as those involving Microsoft Entra ID. The focus is equally on Active Directory Domain Services (ADDS), Active Directory Federation Services (ADFS), and Active Directory Certificate Services (ADCS). You will also receive a review of your group policies (GPOs), architecture-related vulnerabilities, and hardening measures.
In addition to penetration tests with suitable tools, attack vectors and attack paths are identified and analyzed using proven methods. The configuration and the results of the tests are also checked for deviations from best practices and supplemented if necessary.
In addition to virtualized environments, workloads and microservices based on container technologies (such as Docker containers/environments managed with Kubernetes, etc.) have also become established in recent years. As advantageous as these technologies are, their security aspects are generally greatly underestimated.
The Container Security Assessment offers a thorough security review of your containers and their management solutions. Configuration errors and vulnerabilities are identified so that they can be closed, protecting your containers and their environment from potential threats. In addition, the runtime environment is analyzed and the assessment helps with the analysis of security-related compliance requirements. Automated tests are used and supplemented by further manual analyses.
Oneconsult offers security configuration reviews for all other systems in your client/server infrastructure that you would like to check for security concerns. Be it system management solutions such as SCCM, USB device security management, DLP solutions, printers and their management solutions: Oneconsult helps to optimize security-relevant configurations, independent of manufacturer and product.
During the configuration review, the configuration of your systems is checked (together, if desired) – where possible, by automatically reading out the configuration and comparing it with best practices, hardening guidelines or other security advisories. As the goals of best possible usability and best possible security are often in conflict, these conflicting goals as well as any risks or even restrictions need to be assessed and discussed. You benefit from Oneconsult’s experienced security specialists and receive clear recommendations.
Oneconsult mainly focuses on the security-relevant configuration options, and it often makes sense to conduct a configuration review together with the person responsible for the system. In this way, the product expertise of the responsible person and the security expertise of Oneconsult can lead to an ideal result and at the same time strengthen security awareness and competence.
Working remotely has become a necessity. Emails, contact details and other business information, some of which is confidential or even secret, can be accessed via mobile devices. In addition to the iOS or Android-based devices themselves, one of the most important components in enabling remote work on both personal and business mobile devices is the Mobile Device Management (MDM) solution.
Using standardized and established procedures, your mobile devices are tested and analyzed both from the perspective of the authorized user and from the perspective of an unauthorized owner or attacker (access to device and/or data, manipulation, etc.).
Often, mobile devices cannot be conclusively assessed without analyzing the associated MDM solution. As the customer, you determine the depth of the test. If the MDM is to be tested in detail, a system configuration review is recommended as a separate project to be performed independently or prior to the mobile device security assessment.
Our Client/Server Infrastructure Testing uncovers vulnerabilities, misconfigurations, and risks in workstations, servers, containers, and directory services – before they become problems. This helps you secure your systems reliably while maintaining full control over your IT.
Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).
Private individuals please contact your trusted IT service provider or the local police station.
For more information about our DFIR services here:
Don’t miss anything! Subscribe to our free newsletter.
