Penetration Testing mailing list archives
Re: Security Audit
From: H Carvey <keydet89 () yahoo com>
Date: 1 Sep 2001 10:59:10 -0000
Well, it's not clear what your mix of systems is...20-40 users and servers is a start. How about routers, firewalls, other devices? In a nutshell, and without knowing more information, a well-planned security audit (ie, vulnerability assessment) can be conducted on-site in less than a day....that's just the collection of technical information. If the audit/assessment is to include personnel interviews, with your size, the necessary interviews could be easily included in that time. Again, without knowing more about what systems you have and what the proposed scope of work looks like, I'd say 3 people on-site for one full day to get a vulnerability assessment done. But this assumes some things...they have all of the tools they need, have planned things out, and have your full cooperation. The penetration test is another matter. This is a 'sexy' service that is really already covered by the vulnerability assessment...by looking at things from the inside, you can secure them relatively well against external attack. These days, the only real value of pen tests is to assess your IR team's capabiliites. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: Security Audit H Carvey (Sep 04)
- <Possible follow-ups>
- RE: Security Audit Christopher Ray (Sep 04)
- RE: Security Audit Aleksander Czarnowski (Sep 04)
- Re: Security Audit Forrest Rae (Sep 05)
- Re: Security Audit Todd Ransom (Sep 05)
- Re: Security Audit Bill Pennington (Sep 06)
- Re: Security Audit Todd Ransom (Sep 06)
- RE: Security Audit Dom De Vitto (Sep 06)
- Re: Security Audit Forrest Rae (Sep 06)
- Re: Security Audit R. DuFresne (Sep 06)
- Re: Security Audit Todd Ransom (Sep 05)
- Re: Security Audit Dave Wray (Sep 06)