The University network/system security assessment program uses QualysGuard Software as a Service to scan for network/systems vulnerabilities. The goal of the program is to identify vulnerabilities for correction before they can be exploited. This tool is used by UITS staff and, upon request, available to registered network managers to scan their own networks.
Authorized system administrators, network engineers and security analysts may scan individual critical devices or entire network segments within their administration. Because UA has a limited number of licenses, computers entered in the Critical Device Registry are given priority for vulnerability scanning.
Network discovery and mapping may be performed without limitation on entire network segments within a Network Manager's administration.
To register for an account, a UA employee must:
To request an account, qualified persons should contact the Information Security Office (InfoSec) [at firstname.lastname@example.org] with the following information:
InfoSec will contact the requestor with additional information and instructions.
1. For policy/registration questions regarding Qualys scanning: http://security.arizona.edu/isp601 2. For technical support with the Qualys product: Registered users can contact Qualys Technical Support by logging on to QualysGuard, and selecting "Help->Contact Support..." 3. For Qualys account support: Registered users who have forgotten their account information may contact UITS Security Operations to have their Qualys password reset. You can contact us either 1. via an email to secops at arizona dot edu from your email.arizona.edu account, or 2. via a web request through the CID Service Request form -- click on the 'SecOps' radio button, then "Other Requests".
Qualys is available 24/7 other than during maintenance windows. QualysGuard maintenance windows are typically posted on their login page at: https://qualysguard.qualys.com