Please suggest how I might go about identifying a vendor (or provide a reference to other
sites or news groups) to come in and do a network security assessment. I work for a small
government agency which has been unwilling to invest in the necessary staffing, much less
training, to provide the kind of protection really needed. I would like to document our risks
and recommended security measures, using some external expertise as a budget bully.
Our environment includes NetWare, UNIX (AIX, as a terminal server only), NT (application
server, including telnet), IPX/IP gateway, and two router connections to IP networks - one
agency-wide with a route to the Internet planned for the future (non current), and one to
another agency which provides a route to the Internet for e-mail and web (authentication
occurs at their firewall). Some users also have dial-up accounts to their own ISPs.
Thanks for any guidance you can provide.
fn: Jim Green
org: Los Angeles County STD Program
adr: 2615 S. Grand Avenue;;Room 500;Los Angeles;CA;90007;USA
email;internet: jimgreen @
title: Assistant Director for Surveillance and Information Systems
tel;work: 213 744-3081
tel;fax: 213 749-9606