Gold Build Review
Rather than manually building laptops or servers from scratch, it is best policy to have a detailed build document and a master image that has been evaluated for security issues, which is then used to deploy into the network.
We offer gold build reviews to fully review the master image for group wide deployments.
A gold build review involves conducting a software build review of your master template used in group wide deployments.
Gold builds are typically one of the following:
The master template used for visualised environments – this image is then cloned and deployed multiple times from the master build to ensure all settings and software are consistent.
A master operating system build for physical devices – this image is usually for laptops or desktop systems and is cloned from the master image via disk cloning hardware and software to ensure all systems are running the same software load sets.
It is very important to ensure the master image is securely configured before this is deployed to end users or critical infrastructure, to prevent any weakness within the image being replicated throughout the network.
Build reviews can help identify build issues at the configuration stage within documentation or templates and prevent future deployments suffering from repeat issues.
Armadillo Sec are a CREST certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT Level. Our testers are also CHECK Team Leaders (CTL’s) or CHECK Team Members (CTM’s) and are approved to conduct government CHECK testing.
Our team have many years experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.
Frequently Asked Questions
A gold build review involves looking specifically at the master template used for group wide deployments, a standard build review looks at a specific operating system or a set of varying systems separately.
All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.
|CREST Certifications||Certified Testers|
|Practitioner Security Analysts|
|Registered Penetration Testers|
|Certified Web Application Testers|
|Certified Infrastructure Testers|
|Certified Simulated Attack Specialist|
|Certified Simulated Attack Manager|
Our CREST member status can be viewed, along with the certified tester types we have on the below link:
Our testers are also CHECK Team Leaders (CTL's) or CHECK Team Members (CTM's) and are approved to conduct government CHECK testing.
|CHECK Status||Certified Testers|
|CHECK Team Member (CTM)|
|CHECK Team Leader (CTL) - Infrastructure|
|CHECK Team Leader (CTL) - Applications|
Our CHECK status can be viewed on the below link:
It is recommended that master gold build reviews or testing should be conducted annually as cyber threats are constantly evolving.
If major changes are made to the operating systems or configurations, then it is recommended that additional testing is conducted. This ensures that any recent changes are not introducing new vulnerabilities into the environment.
Some certifications such as ISO 27001 or PCI DSS, require a certain frequency of testing to remain compliant.
Master gold build review prices are based on the number and type of templates or devices that are required to be reviewed, therefore there is not an off-the-shelf price for a build review.
For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full build review report, which covers the following:
- Executive management summary - Non technical overview of issues for management board level
- Detailed technical findings - A complete list of all issues identified
- Policy compliance - A list of all non-compliant settings compared again industry recommendations
- Risk level - Impact, likelihood and overall risk ratings are listed for each issue
- Examples - Output or screenshots to demonstrate the issue
- Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.