Vulnerability scans now monthly, adding internal scans

To better help you secure your unit networks, ITS Information Assurance (IA) is increasing the frequency of its universitywide scans and adding internal network scanning. As of May, universitywide vulnerability scans are now performed monthly instead of quarterly.

The monthly scans will be similar to previous quarterly scans. The software begins by performing a TCP and UDP probe of common ports. It then attempts to intelligently enumerate the services running on them. With this knowledge, it will scan for a number of serious vulnerabilities identified by IA.

These scans cover the entire network address space registered to the University of Michigan. They come from a scanner positioned outside the university to give units the perspective of what an attacker can see from outside university networks.

Universitywide internal scanning will begin in June. The first couple of internal scans will be run on a test basis as IA fine-tunes the process. University networks will then be scanned monthly from inside the university to identify any potential vulnerabilities within U-M network space.

Results from both scans will continue to be sent to the network security contacts listed in NetInfo.

On-demand unit scans are also still an option. Whereas the universitywide scans check a list of commonly observed ports to find services to test, the unit-specific scans probe a larger number of ports. Results of these customized scans are sent to the specific contact people requested by the unit.

Questions about IA vulnerability scanning? Contact