RE: Security Audit

From: Aleksander Czarnowski (alekc@avet.com.pl)
Date: 09/04/01

• Previous message: anindya: "Re: Using Airsnort through vmware on Red Hat 7.1"
• Maybe in reply to: Christopher Ray: "RE: Security Audit"
• Next in thread: PM Systems - Rick Woehler: "RE: Security Audit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <B1034582A18BD31191C700104B9861A022DFAD@des.avet.com.pl>
From: Aleksander Czarnowski <alekc@avet.com.pl>
To: "'pen-test@securityfocus.com'" <pen-test@securityfocus.com>
Subject: RE: Security Audit
Date: Tue, 4 Sep 2001 11:33:17 +0200 

Timeframes are hard to drawn only from your basic info. Some test take
considerably longer than others. Also note that security audit is not only
build from single checks or test. It takes a few hours to read 1000 pages of
site security policy (actually it is rather bad idea to have those 1000
pages implemented but this is just an example). What I would be concerned is
the type of test or checks that IT security company want to perform and how
that relate to your true needs in terms of security. For example: if strong
password policy in NT is enabled than it makes probably no sense to run
password cracker as such test might be very time consuming and not reaveal
much additional information. On the other hand if IT security company have
large resources such tests can take considerably shorter time. Network tests
times depends on network architecture, network load, network services
configuration etc. etc. You first need to define your needs for security
tests or audit and then one can create a reasonable timeframe.
Regards,
Aleksander Czarnowski
AVET INS

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

---

• Previous message: anindya: "Re: Using Airsnort through vmware on Red Hat 7.1"
• Maybe in reply to: Christopher Ray: "RE: Security Audit"
• Next in thread: PM Systems - Rick Woehler: "RE: Security Audit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [Full-disclosure] SSANZ - Server Systems Administration NZ. ... Security Hardening & Security Installs/tweaks. ... What is involved in a Full Security Audit? ... csf -a 125.238.144.110 ... (Full-Disclosure) Industry Definitions... possible? was Re: Security Audit ... security test, security assessment, security audit, penetration test, ... functional network "tweaks" to remedy any unexpected problems discovered ... (Pen-Test) RE: Repost: Security Question ... 538 in security audit log. ... is the computer name, In SBS 2003, the full security audit is enabled by ... 540 indicates a successful logon; event 538 indicates a successful logoff ... Online Partner Support ... (microsoft.public.windows.server.sbs) RE: Security audit & Domain Controller security ... the full security audit is enabled by default so that you are ... Event 540 indicates a successful ... Right-click Small Business Server Auditing Policy and click Edit. ... (microsoft.public.windows.server.sbs) Re: General Security audit question ... One place that has a plethora of information on securing networks is CERT ... >Subject: General Security audit question ... >to report on all Site, network, server and software issues that I ... (Security-Basics)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2001-09