Penetration tests, and similar services, can give an accurate picture of how an asset appears to an external entity. However, for a full picture of the security posture of an asset it may be necessary to perform a detailed review of system configuration from the inside.

Reviewing the configuration of servers or workstations will reveal any flaws in the build process or weaknesses that exist in the currently accepted build standard.

A firewall is an integral part of any architecture. If poorly configured, however, it can be a liability. A review of firewall configuration (incorporating IRM's in-house developed PREFiRE tool to visualise rules in place) will highlight any deficiencies in the security of the firewall configuration.

Network devices are ubiquitous in today's enterprises. They are party to the flow of information through an organisation and hence have a pivotal role to play. A review of network device configuration will highlight any weaknesses that could lead to unauthorised access to network devices.

Security devices, such as intrusion detection systems, must be correctly configured in order to provide the best protection. A review of the IDS/IPS configuration will highlight areas of deficient configuration that could lead to attacks going unnoticed.