Login   |    ITaP Home > Security > Vulnerability Scanning Cluster

 

Frequently Asked Questions

NOTE: If you have a question related to VSC terminology or operation, please refer to the Administrators Guide.

Q: Who has access to the final reporting data and why?

A: If you are the administrator of a domain or child you can see the reporting data only from that domain or child and any children that that domain or child may have. ItaP Security and Policy is the highest level within the hierarchy structure to help support the system. By default ItaP Security and Policy has access to all the reports. However, no action or additional reporting is currently performed from the report data. ItaP Security and Policy will ensure privacy of all the report information and will not share the information with any person or organization outside of a particular domain or child unless required to do so by law or university policy. The system administrator has the capability to delete report information at anytime.

Q: I’m not a system administrator so how would I scan my machine for vulnerabilities?

A: Currently, only system administrators can scan equipment within their assigned domain. As we continue to improve the VSC and it’s authorization and authentication capabilities, we plan to offer access to non-system administrators in the future.

Q: How do I make a feature request?

A: Please send feature requests to itap-vsc@purdue.edu.

Q: How often should I scan my systems?

A: ItaP Security and Policy recommend that you scan new machines with new configurations before they are deployed. Security and Policy also recommend that you consider periodic scans of your systems to assess newly discovered vulnerabilities, as well as any possible security breaches that may have occurred since your last scan. If your organization operates under Federal, State, or Purdue guidelines for security, you should schedule scans accordingly.

Q: What do my scan results mean?

A: Your scan results offer a view of what vulnerabilities and issues may exist on your system. However, you will need to check these vulnerabilities as the scanning system can return false positives and misidentify issues on your system. In addition, you should research any fixes suggested to determine their suitability to your specific environment.

Q: I need help interpreting my scan results, whom do I contact?

A: ItaP Security and Policy can be reached at itap-securityhelp@lists.purdue.edu. Also, additional information is available from the Nessus online documentation located at http://www.nessus.org.

Q: My results say that I have security holes. What should I do?

A: Immediately check to see if the security hole exists, if it affects the system in question, and if it can be patched or fixed from any available links provided in the report. Patch the hole, or ensure that appropriate security measures have been taken to prevent the hole from being exploited.

Q: My results say that I have security warnings. What should I do?

A: These are often unknown ports or other un-identified services that could be an open port or vulnerability, services with possible vulnerabilities (rather than known definite vulnerabilities), or sources of information about your system. Check warnings against your known services to determine what should and should not be running. If you need the service or item being warned about, take appropriate security measures to minimize risks.

Q: My results say that I have security notes. What should I do?

A: Check the security note, and take appropriate action if necessary. Most security notes are relatively minor information, or note that an attacker can gain miscellaneous information about your system.

Q: What is Nessus?

A: Nessus is an open source vulnerability scanning system. More information can be found at: http://www.nessus.org

Q: Why are we using Nessus?

A: Nessus is the pre-eminent open source scanner in the world. It provides a highly modular approach and a large user community, resulting in frequent updates and a very large vulnerability database. In addition, the open source nature of Nessus allows ItaP Security and Policy to build better interfaces and to run on more systems than other vulnerability scanning systems.

Q: What is Nmap?

A: Nmap is a port scanning tool used to determine what ports are open on a given system. Nessus uses Nmap as part of its internal scans for open ports on tested systems.