Penetration Testing mailing list archives

RE: Security Audit


From: Aleksander Czarnowski <alekc () avet com pl>
Date: Tue, 4 Sep 2001 11:33:17 +0200

Timeframes are hard to draw only from your basic info. Some tests take
considerably longer than others. Also note that a security audit is not only
built from single checks or tests. It takes a few hours to read 1000 pages of
site security policy (actually it is a rather bad idea to have those 1000
pages implemented, but this is just an example). What I would be concerned
about is the type of tests or checks that the IT security company wants to
perform and how that relates to your true needs in terms of security. For
example: if a strong password policy in NT is enabled, then it probably makes
no sense to run a password cracker, as such a test might be very time
consuming and not reveal much additional information. On the other hand, if
the IT security company has large resources, such tests can take considerably
shorter time. Network test times depend on network architecture, network
load, network services configuration, etc. You first need to define your
needs for security tests or an audit, and then one can create a reasonable
timeframe.
Regards,
Aleksander Czarnowski
AVET INS
