Penetration Testing mailing list archives
RE: Security Audit
From: "Christopher Ray" <cray () satx rr com>
Date: Thu, 30 Aug 2001 17:12:01 -0500
Simon,
From personal experience with bidding on these type of contracts, there's a
lot that can be involved with conducting these audits. For example: - Is the audit a purely technical assessment or is the company you're looking at going to be reviewing policy, business practices, architecture, etc. - Is the company going to review each and every machine to include checks on the OS, applications, specific usage of services, etc. - Is physical penetration involved - Is there a remote assessment as well as an on-site assessment - Is training involved for the your personnel - Is the company going to be part of the "fix" or simply identify the problems - Last, but certainly not least, is a follow-up visit factored in Good luck, Christopher H. Ray, Director Technical Sales and Operations TTL Unlimited Phone: 210-710-1141 Email: cray () ttlunlimited com -----Original Message----- From: Simon Wellborne [mailto:simon.wellborne () initiative-technology co nz] Sent: Wednesday, August 29, 2001 12:26 AM To: 'pen-test () securityfocus com' Subject: Security Audit Hello all, We have a company or two providing quotes on a security audit, including penetration tests. I am a little concerned about the amount of hours being quoted for some of these tests.
From peoples experience (and I would like to hear from Professionals who
comduct audits) about what timeframes are 'normally' used. Our network is relatively small (20-40 users + servers). Appreciate all replies Regards ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: Security Audit H Carvey (Sep 04)
- <Possible follow-ups>
- RE: Security Audit Christopher Ray (Sep 04)
- RE: Security Audit Aleksander Czarnowski (Sep 04)
- Re: Security Audit Forrest Rae (Sep 05)
- Re: Security Audit Todd Ransom (Sep 05)
- Re: Security Audit Bill Pennington (Sep 06)
- Re: Security Audit Todd Ransom (Sep 06)
- RE: Security Audit Dom De Vitto (Sep 06)
- Re: Security Audit Forrest Rae (Sep 06)
- Re: Security Audit R. DuFresne (Sep 06)
- Re: Security Audit Todd Ransom (Sep 05)
- Re: Security Audit Dave Wray (Sep 06)
- Re: Security Audit Jonathan Rickman (Sep 07)