Penetration Testing mailing list archives
RE: Security Audit
From: Aleksander Czarnowski <alekc () avet com pl>
Date: Tue, 4 Sep 2001 11:33:17 +0200
Timeframes are hard to drawn only from your basic info. Some test take considerably longer than others. Also note that security audit is not only build from single checks or test. It takes a few hours to read 1000 pages of site security policy (actually it is rather bad idea to have those 1000 pages implemented but this is just an example). What I would be concerned is the type of test or checks that IT security company want to perform and how that relate to your true needs in terms of security. For example: if strong password policy in NT is enabled than it makes probably no sense to run password cracker as such test might be very time consuming and not reaveal much additional information. On the other hand if IT security company have large resources such tests can take considerably shorter time. Network tests times depends on network architecture, network load, network services configuration etc. etc. You first need to define your needs for security tests or audit and then one can create a reasonable timeframe. Regards, Aleksander Czarnowski AVET INS ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: Security Audit H Carvey (Sep 04)
- <Possible follow-ups>
- RE: Security Audit Christopher Ray (Sep 04)
- RE: Security Audit Aleksander Czarnowski (Sep 04)
- Re: Security Audit Forrest Rae (Sep 05)
- Re: Security Audit Todd Ransom (Sep 05)
- Re: Security Audit Bill Pennington (Sep 06)
- Re: Security Audit Todd Ransom (Sep 06)
- RE: Security Audit Dom De Vitto (Sep 06)
- Re: Security Audit Forrest Rae (Sep 06)
- Re: Security Audit R. DuFresne (Sep 06)
- Re: Security Audit Todd Ransom (Sep 05)
- Re: Security Audit Dave Wray (Sep 06)
- Re: Security Audit Jonathan Rickman (Sep 07)
- Re: Security Audit Philipp Buehler (Sep 06)