Penetration Testing mailing list archives

RE: Security Audit

From: "Christopher Ray" <cray () satx rr com>
Date: Thu, 30 Aug 2001 17:12:01 -0500

Simon,

From personal experience with bidding on these type of contracts, there's a

lot that can be involved with conducting these audits.  For example:

- Is the audit a purely technical assessment or is the company you're
looking at going to be reviewing policy, business practices, architecture,
etc.
- Is the company going to review each and every machine to include checks on
the OS, applications, specific usage of services, etc.
- Is physical penetration involved
- Is there a remote assessment as well as an on-site assessment
- Is training involved for the your personnel
- Is the company going to be part of the "fix" or simply identify the
problems
- Last, but certainly not least, is a follow-up visit factored in

Good luck,

Christopher H. Ray, Director Technical Sales and Operations
TTL Unlimited
Phone: 210-710-1141
Email: cray () ttlunlimited com

-----Original Message-----
From: Simon Wellborne
[mailto:simon.wellborne () initiative-technology co nz]
Sent: Wednesday, August 29, 2001 12:26 AM
To: 'pen-test () securityfocus com'
Subject: Security Audit


Hello all,

We have a company or two providing quotes on a security audit, including
penetration tests.

I am a little concerned about the amount of hours being quoted for some of
these tests.

From peoples experience (and I would like to hear from Professionals who

comduct audits) about what timeframes are 'normally' used.

Our network is relatively small (20-40 users + servers).

Appreciate all replies

Regards



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Re: Security Audit H Carvey (Sep 04)
- <Possible follow-ups>
- RE: Security Audit Christopher Ray (Sep 04)
- RE: Security Audit Aleksander Czarnowski (Sep 04)
- Re: Security Audit Forrest Rae (Sep 05)
  - Re: Security Audit Todd Ransom (Sep 05)
    - Re: Security Audit Bill Pennington (Sep 06)
    - Re: Security Audit Todd Ransom (Sep 06)
    - RE: Security Audit Dom De Vitto (Sep 06)
    - Re: Security Audit Forrest Rae (Sep 06)
    - Re: Security Audit R. DuFresne (Sep 06)
  - Re: Security Audit Dave Wray (Sep 06)
    - Re: Security Audit Jonathan Rickman (Sep 07)

(Thread continues...)