UISO Vulnerability Scanners

QualysGuard Vulnerability Scanner

The QualysGuard Vulnerability Scanner (Qualys) is used to discover vulnerabilities on systems and websites on the IU network. In order to request access to the system, you will need to send an email to scanner-admin@iu.edu with the following information. 

  1. Unique name for your group. If possible ADS groups or HR Codes like IU-UISO are the optimal format for this.
  2. username and Full Name of chief persons in charge of dealing with scanning in your group (There can be more than one
  3. username and full name of any other users who will need to read scan reports
  4. If you're doing website scanning, a list of URLs to scan.
  5. If you're doing system scanning, a list of only IPs or CIDR blocks broken out in three sections.
    1. Machines in the IU DATA center
    2. Machines outside the IU DATA center with a static IP
    3. Any DHCP ranges you exclusively control

When logging into Qualys, you will always need to use the SAML login link. If you're prompted for a username and password and not CAS, you need to use this link.

https://qualysguard.qualys.com/fo/login.php?idm_key=saml2_51e844852811e

Scanner Access

You may need to provide access to the scanner if you use a host-based firewall or other protections against attack on the system. The scanner does not perform denial of service attacks. These IPs should be able to ping your hosts, but if you allow the scanner to access more open ports it will give more precise results.

134.68.125.152
10.79.217.1
10.79.217.2
10.79.16.37
10.79.16.38
10.79.72.22
10.79.72.38
Additionally, any public website will most likely be scanned from a remote scanner located in the following block:

64.39.96.0/20

 

Web Application Vulnerability Scanner

The Web Scanner attempts to discover vulnerabilities in your Web site. It begins by indexing your entire site looking for Web pages,then determines which tests it needs to run based on the type of Web site/pages present.

Read more about the Web Application Vulnerability Scanner.

Security & Policy Blog Posts

  • The GHOST vulnerability allows an attacker to remotely take control of a system.
  • Drupal announced the availability of a patch to fix a critical SQL injection vulnerability in Drupal 7.
  • Creating and maintaining a disaster recovery plan for departments and thier critical services
  • How workplace culture affects information security and how that culture can be improved.

    Recent Security Bulletins

  • A critical vulnerability in Microsoft's HTTP.sys component may lead to remote code execution.
  • Adobe Flash is vulnerable to exploit that could allow an attacker to take control of the affected system.