Can I ask - when you run a vuln scanner such as Nessus / OpenVAS - say you had 15 internet facing IP addresses to audit - how long would it take to scan those? Approximately? Or how long per system? If you are scanning "Uncredentialed" from the outside. Do the scans take longer if running with credentials as opposed to without?
Are there specific rules of scanning you stick to when doing your audits? I.e. when do you scan - who and how do you let them know - are there any procedural safeguards IT need to put in place prior to you running tools? Also - do they have much of a performance impact on those you're scanning when you are scanning the servers? Or not really?
I.e. how long would it take to get BackTrack installed on a USB to run your scans to save your reports for where the scope is 10 internet facing IP addresses? How long would an experienced pen tester take to do that? And could you break down the times to do each stage?