Security Probes for New Clients?

archaic0 asks: "I've recently acquired a new client (I do on call tech work for several companies where I live) who have requested a security audit. In the past I've hired several friends (self-proclaimed security consultants) in the industry to run various exploits and tests for me, but due to the time involved and the cost, I'd like to find a short introductory type option to start a new client off with. I recently ran across a program called Retina, by eEye, and I'm quite impressed however it comes with a $1400 price tag per use (or $14,000 a year for a bulk license). Can anyone point me to tools they've used to do a pretty well-rounded security scan that can produce detailed reports? I know there is no substitute for a real security professional spending time confirming your network security, but I'd like to have at least one good tool to start a new client off with before throwing a huge security team at them."

Re:Nessus

[shfted!]

Not "Nuff said." Any security person who uses only one tool is a damned fool!

Social engineering considered most efficient

[korpiq]

war-dial all phone numbers of the company looking for rogue modems

Combine this with talking each answering person into giving their authentication information. I understand the easiest way to achieve that is by telling them you are hired by their company to make a security audit and said authentication information is necessary to point out flaws in their IT security. Not like I were experienced in the field but that's what they keep telling 'round the 'net, Mr. Mitnick for instance.

Have fun!