UISO Vulnerability Scanners

Host Vulnerability Assessment Scanner

The Host Vulnerability Assessment Scanner attempts to discover vulnerabilities on your system connected to the IU Network. It uses a variety of external tests to discover misconfigured services, vulnerable ports, and other open attack vectors.

IU Policy requires that hosts be scanned once a month for potential vulnerabilities. In order to request a scan, these steps should be followed.

  1. Make sure the scanner can communicate with your machine. We already work around the Data Center firewalls. You will need to provide exceptions for the scanner in any local firewall if you want scan results. 
  2. Visit the request page. In the submission box, ONLY submit one IP per line. No DNS names. CIDR blocks can be used by you may have network equipment that shows up in your scan results.
  3. If this is your first request, put in the email address that should be contacted with scan results. This should be a group account of some kind.
  4. If you just would like to have access to scan reports for a Unit that is already created, simply put the email address in with no machines.
  5. If you made requests before, your active Units will appear in a dropdown box.


Web Application Vulnerability Scanner

The Web Scanner attempts to discover vulnerabilities in your Web site. It begins by indexing your entire site looking for Web pages,then determines which tests it needs to run based on the type of Web site/pages present.

Read more about the Web Application Vulnerability Scanner.

Security & Policy Blog Posts

  • The GHOST vulnerability allows an attacker to remotely take control of a system.
  • Drupal announced the availability of a patch to fix a critical SQL injection vulnerability in Drupal 7.
  • Creating and maintaining a disaster recovery plan for departments and thier critical services
  • How workplace culture affects information security and how that culture can be improved.

    Recent Security Bulletins

  • A critical vulnerability in Microsoft's HTTP.sys component may lead to remote code execution.
  • Adobe Flash is vulnerable to exploit that could allow an attacker to take control of the affected system.
  • Vulnerability in SSL 3.0
  • Critical Bash Exploit: Shellshock