Host Review is one of the mandatory steps taken to achieve the goals
set out in the policy of an organization. Host Review is carried out in order
to verify every hosts within the organization infrastructure are effective and
suitable for achieving the stated goals.
For those systems of importance, a single misconfiguration could prove
devastating, and by doing Host Review, we are making sure there are no loose
ends from the inside of our system.
Overview of Host Review
Host Review is one part of the security audit procedure, the other is Vulnerability Assessment, Host Review is usually called “Host Audit” and can be defined as: “A systematic and independent examination to determine whether activities and related results comply with planned arrangements and whether these arrangements are implemented effectively and are suitable to achieve objectives.”
Figure 1. A Host
Review could provide useful information about organization infrastructure and
A Host Review is carried out with the following objectives in mind:
To evaluate whether the hosts
in an organization infrastructure has followed security standards and
To offer opportunity to
improve security posture, maintain system stability.
To provide an insight of an
organization system, and provide more information for the security audit
To determine conformity or
nonconformity of the system elements with the specified requirements to assure
the system can go live.
A Host Review usually covers:
versions & patching: ensure the host under review
is up-to-date with the latest security patch and hotfixes to reduce as many
vulnerabilities as possible and provide more stability of the machine.
Firewall Configuration: accept trusted connections
and reject or drop external and suspicious connections; also firewall can log
all attempts to enter private network or an individual computer and set an
alarm (in the form of a pop-up or other notice) when suspicious or hostile
activity is attempted.
Access: only the right personnel with the right token
has access to the host.
● Logging: record actions that have been taken by whom to help improve security in a variety of ways such as intrusion detects, system health monitoring…
The targets of a host review could be Web Server, Application Server,
or Database Servers.
Performing Host Review
The process of Host Review can be divided into 3 main phases: Gather and Preparation, Test and Review Results, and Analysis, Mitigations and Recommendations
Gather and Preparation
This phase could be divided further into 3 sub steps. In this step, the
auditing team spends various interview sessions with stakeholders to understand
their system infrastructure, walkthrough to the demo session to understand how
to setup scan parameters and profiles, and further sessions to understand the
adopted policies, guidelines and the environment they provide for host review.
and Interview Session: the auditing team will be
looking at various documents describing the system infrastructure such as
design specifications, illustrative diagram, and even the workflow of the
system, to better grasp the infrastructure. Moreover, the auditing team nay
hold an interview with the client team to collect information about how each
host is built and configured.
for Host Review: the auditing team and client will agreed
on the suitable guidelines and standards used for this work, it will be defined
in the report that will be given to the client later. Example of agreed
guidelines and standards used in our client system is shown below.
machines, Environment and Server: we will be preparing a
provisioned laptop with specifically approved OS by our client. Depending on
the clients, this may be optional, if our client servers are very important or
belong to the governments, this will be compulsory since we don’t want anything
wrong to happen. All necessary information regarding the environment
(usernames, passwords, location of servers…) and the servers themselves will be
provided to make sure the process will be smooth and accurate. Then the works
will be carried upon all hosts in their infrastructure against the prepared
Figure 2. Sample of a list of guidelines and standards that will be used for Host Review
The process may take about 2 to 4 days depending on the amount of audit
items (based on the agreed standards) and the number of servers to be reviewed.
This is done by either using the scripts may especially for auditing or do it
manually for some items require human attention (such as legacy items) or
additional requirements from our clients that is not belong to any agreed
After the testing process is done, the auditors will be checking the
values of the audited hosts against the items in the checklist, the review
process is done two times, in which the first time will be by two different
personnel with the role of Quality Control to ensure the audited items match
with the guided items; the second time will be by technical team who will then
doing the Pass/Fail verification.
Finally, we will provide our client with the Host Review reports (HR
reports) for each hosts, the client-side now just need to rectify any items
with the “Fail” status.
Figure 3. Sample of a HR Report of a Web Server that runs Windows
Mitigations and Recommendations
At this stage, the Host Review is coming to an end, along with
Vulnerability Assessment. The final report consists of procedure and testing
methods for both Host Review and Vulnerability Assessment. Our security analysis
expert will provide insight to the problems we have discovered and give advice
to remediate them.
In summary, Host Review is an important asset of security audit, it
ensures the overall security and stability of hosts in the system
infrastructure which in time boost the reliability of the system.