Re: Security Audit

From: H Carvey (keydet89@yahoo.com)
Date: 09/01/01


Date: 1 Sep 2001 10:59:10 -0000
Message-ID: <20010901105910.7616.qmail@securityfocus.com>
From: H Carvey <keydet89@yahoo.com>
To: pen-test@securityfocus.com
Subject: Re: Security Audit

Well, it's not clear what your mix of systems is...20-40 users and
servers is a start. How about routers, firewalls, other devices?

In a nutshell, and without knowing more information, a well-planned
security audit (i.e., vulnerability assessment) can be conducted on-site
in less than a day....that's just the collection of technical
information. If the audit/assessment is to include personnel interviews,
with your size, the necessary interviews could be easily included in
that time.

Again, without knowing more about what systems you have and what the
proposed scope of work looks like, I'd say 3 people on-site for one full
day to get a vulnerability assessment done. But this assumes some
things...they have all of the tools they need, have planned things out,
and have your full cooperation.

The penetration test is another matter. This is a 'sexy' service that is
really already covered by the vulnerability assessment...by looking at
things from the inside, you can secure them relatively well against
external attack.

These days, the only real value of pen tests is to assess your IR team's
capabilities.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


