The University Information Security Office (ISO) has launched the security review program, which includes scanning of all campus web applications and critical servers. The goal of the program is to identify vulnerabilities for correction before they can be exploited. There are several free tools available to help determine if your software needs any security updates. QualysGuard software is one such tool for scanning for network and system vulnerabilities. Please contact the ISO at (520) 621-UISO (8476) for assistance or if you have questions.
For information on Resources and University Policy and Standards visit the UA InfoSec webpage.
How Often Should Scans Be Performed?
There are prerequisites that need to be completed before access is granted. The individual completing the scan must first complete the training outlined in the Web Application Security Review Procedure (IS-P802) document. Once this is complete, the individual can request access to the Site License Web Application Scanning Tool. Information about the request form is available in the Web Application Security Review Procedure (IS-P802) document.
The ISO will contact the requestor with additional information and instructions.
Server Scanning Procedure
The scanning tool used by the University actively probes systems for vulnerabilities and performs a multi-level scan using an extensive database of known security holes to identify common system vulnerabilities, including but not limited to those in the CERT, CIAC and SANS advisories. To learn more and to request an account, read the Server Scanning Procedure document.
All devices must have been registered in the Critical Device Registry prior to scanning for vulnerabilities. The university has a limited number of licenses, so computers entered in the Critical Device Registry are given priority for vulnerability scanning.