I agree with Catch. Pen Tests against a single host will do nothing by point out a few wholes. While an entire audit of the box will be more comprehensive and valuable in the long run.