RE: Security Audit

From: Aleksander Czarnowski (alekcat_private)
Date: Tue Sep 04 2001 - 02:33:17 PDT

    Timeframes are hard to draw only from your basic info. Some tests take
    considerably longer than others. Also note that a security audit is not only
    built from single checks or tests. It takes a few hours to read 1000 pages of
    site security policy (actually it is rather a bad idea to have those 1000
    pages implemented, but this is just an example). What I would be concerned
    about is the type of tests or checks that the IT security company wants to
    perform and how that relates to your true needs in terms of security. For
    example: if a strong password policy in NT is enabled, then it probably makes
    no sense to run a password cracker, as such a test might be very time
    consuming and not reveal much additional information. On the other hand, if
    the IT security company has large resources, such tests can take a
    considerably shorter time. Network test times depend on network
    architecture, network load, network services configuration etc. etc. You
    first need to define your needs for security tests or audit and then one can
    create a reasonable timeframe.
    Aleksander Czarnowski