UISO Vulnerability Scanners

QualysGuard Vulnerability Scanner

Requesting Access

The QualysGuard Vulnerability Scanner (Qualys) is used to discover vulnerabilities on systems and websites on the IU network. To request access to the system, send an email to scanner-admin@iu.edu with the following information:

  1. Unique name for your group. If possible, use an ADS group or HR Code such as IU-UISO; these are the optimal format.
  2. Username and full name of the chief persons in charge of dealing with scanning in your group (there can be more than one)
  3. Username and full name of any other users who will need to read scan reports
  4. If you're doing website scanning, a list of URLs to scan.
  5. If you're doing system scanning, a list of only IPs or CIDR blocks broken out in three sections.
    1. Machines in the IU DATA center
    2. Machines outside the IU DATA center with a static IP
    3. Any DHCP ranges you exclusively control. (Any hosts that need to be scanned which use mixed DHCP ranges may need a static IP)

Login URL

When logging into Qualys, you will always need to use the SAML login link. If you're prompted for a username and password and not CAS, you need to use this link.

https://qualysguard.qualys.com/fo/login.php?idm_key=saml2_51e844852811e

Scanner Access

You may need to provide access to the scanner if you use a host-based firewall or other protections against attack on the system. The scanner does not perform denial of service attacks. These IPs should be able to ping your hosts, but if you allow the scanner to access more open ports it will give more precise results.

134.68.125.152
10.79.217.1
10.79.217.2
10.79.16.37
10.79.16.38
10.79.72.22
10.79.72.38

Additionally, any public website will most likely be scanned from a remote scanner located in the following block:

64.39.96.0/24
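
As an added example (not part of the original page or UISO's own tooling), the following Python script reads host-firewall drop logs and reports which ports were blocked for the scanner addresses listed above, which is where scan results lose precision. The netfilter-style log format with a FW-DROP prefix, the sample lines, and the destination and non-scanner addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Scanner addresses as listed on this page.
INTERNAL_SCANNERS = {ipaddress.ip_address(a) for a in (
    "134.68.125.152", "10.79.217.1", "10.79.217.2",
    "10.79.16.37", "10.79.16.38", "10.79.72.22", "10.79.72.38")}
REMOTE_SCANNER_BLOCK = ipaddress.ip_network("64.39.96.0/24")

# Constructed sample lines in the style of Linux netfilter LOG output.
# The "FW-DROP" prefix, host name, and 192.0.2.x / 203.0.113.x addresses are assumptions.
SAMPLE_LOG = """\
Jul 13 02:10:01 web1 kernel: FW-DROP IN=eth0 SRC=10.79.217.1 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=3306
Jul 13 02:10:02 web1 kernel: FW-DROP IN=eth0 SRC=10.79.217.1 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=8443
Jul 13 02:10:05 web1 kernel: FW-DROP IN=eth0 SRC=64.39.96.20 DST=192.0.2.10 PROTO=TCP SPT=51822 DPT=8080
Jul 13 02:11:40 web1 kernel: FW-DROP IN=eth0 SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=22
Jul 13 02:12:00 web1 kernel: FW-DROP IN=eth0 SRC=10.79.217.1 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def classify(addr):
    """Return which scanner group an address belongs to, or 'other'."""
    ip = ipaddress.ip_address(addr)
    if ip in INTERNAL_SCANNERS:
        return "internal-scanner"
    if ip in REMOTE_SCANNER_BLOCK:
        return "remote-scanner"
    return "other"

def dropped_scanner_probes(log_text):
    """Map each scanner source IP to the set of (protocol, port) the firewall dropped."""
    dropped = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "SRC" not in fields:
            continue
        try:
            kind = classify(fields["SRC"])
        except ValueError:  # malformed address in the log line
            continue
        if kind != "other":
            # ICMP lines carry no destination port, so record "-" for them.
            dropped[fields["SRC"]].add((fields.get("PROTO", "?"), fields.get("DPT", "-")))
    return dict(dropped)

if __name__ == "__main__":
    for src, probes in sorted(dropped_scanner_probes(SAMPLE_LOG).items()):
        print(src, classify(src), sorted(probes))
```

A dropped ICMP entry for a scanner address means the scanner cannot ping the host at all; dropped TCP ports show where opening access would give more precise results.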

Basic Reporting

Follow these steps to get a basic report for your Business Unit:

  1. Choose the Reports tab. Choose the Reports subtab.
  2. Select New->Report->Template Based. A new window should pop up.
  3. In Report Template, select Default Unit Report.
  4. Under Asset Group, you may select a subset of the Asset Groups you have access to. All is a special system-level access group that shows everything you can report on.
  5. You can report on individual IPs/ranges, but you need to remove any Asset Groups from the previous section.
  6. You can choose to schedule a report. Default scans run the first Monday of every month and are usually completed by Wednesday. UISO runs our monthly scans on the second Monday of every month.
  7. Click Schedule.

Help with Qualys

Web Application Scanner FAQ

 
