This is a function provided for University servers and workstations to detect system vulnerabilties and misconfigurations of common services as part of our security monitoring program. It is an automated process, which requires no user interaction. Two types of scans are available.
1. A credentialed scan - An administrative account logs into the remote machine and performs a check on system patch levels, configuration of services, and third party applications. This type of scan is not obtrusive and will occur without any noticable effects for the end user.
2. An uncredentialed, or black box scan is more aggressive and attempts to actively exploit applications and services that it detects running on the system with known vulnerabilities. It will not report on patch levels as it does not have access to the system console. Some interruptions in service may be observed, but is rare.
This service is available upon request by any end user of a University owned system, or by a department that maintains its own IT services. We will perform one time scans if required, or help create a program to regularly monitor system security on an ongoing basis. Reports of issues discovered and possible remediation steps will delivered to the system owner upon completion.
Contact the ITS Solutions Centre.
There is no cost for this service, as it is funded by the University.
Monday - Friday, 8:30 AM to 4:30 PM.
Please contact the ITS Solutions Centre for assistance with this service (403-329-2490, firstname.lastname@example.org, or Room E610, University Hall).