This is a type of con artist. The "security consultant" usually offers you a deal whereby you give him/her access to your network and an unspecified amount of money (usually a lot of money). In exchange, this individual says that they will perform a "security audit" or "penetration test" of your network. They often claim to have some kind of magic voodoo that will somehow make your network and production/desktop systems safe from outside attack. Typically, however, all that happens is that this person runs Internet Scanner from ISS or CyberCop Scanner from Network Associates, or even Retina from eEye, and hands you a slightly modified version of that program's output. The "security consultant" typically does not possess the skills or insight to analyze the output of these programs in any significant way, beyond putting his own logos on the document. Most do not even bother to perform any further testing or even a cursory analysis of your IT infrastructure.
Don't be fooled! The only partial solution to the problem of computer security is constant vigilance.
Yes, I do realize there are some genuinely talented people in the consulting business. Unfortunately, they are few and far between. Generally speaking, they just know enough to produce a long report, and tell you what you want to hear.