Government Security
Network Security Resources

Jump to content


Audit Program

- - - - - security audit
  • Please log in to reply
2 replies to this topic

#1 cb122


    Private First Class

  • Members
  • 37 posts

Posted 18 February 2011 - 01:40 AM

Can anyone recommend a good audit program / benchmark for a corporate exchange setup to help identify security weaknesses?

And/or a pen testing framework that will list common/up to date security issues with email - and ways to mitigate them?

#2 Marts McFly

Marts McFly

    Global Moderator

  • Colonel
  • 591 posts

Posted 18 February 2011 - 08:07 PM

Do you/your company have a budget? You would be looking for an 'enterprise grade' vulnerability management system. QualysGuard recently won SCMagazine award for best vuln management system. There are also ones from McAfee, HP, IBM etc. I think even GFI might work for cheaper.

If you are looking for a linux alternativie, I think you would find it more painful than productive for exchange and update/policies.
Certified Information Systems Security Professional (CISSP)



#3 beardednose


    Retired GSO First Lieutenant

  • Sergeant Major
  • 1,917 posts

Posted 23 April 2011 - 02:47 AM is probably the best site for audit workplans (from an auditor standpoint, not a security/pentest standpoint). However, the site is not free, but you can get a 30-day trial for a level 1 account. A premium account gives you access to all content.

Annual fees:
Basic 30 Day Trial- Free
Basic (Individual only)- $18
Premium Individual (for one user)- $140
Don't post just a THANKS! Here's why...

Forum Rules you need to know...RuLeS

Also tagged with one or more of these keywords: security, audit