Frequently Asked Questions
NOTE: If you have a question related to VSC terminology or operation, please refer to the Administrators Guide.
A: If you are the administrator of a domain or child you can see the reporting data only from that domain or child and any children that that domain or child may have. ItaP Security and Policy is the highest level within the hierarchy structure to help support the system. By default ItaP Security and Policy has access to all the reports. However, no action or additional reporting is currently performed from the report data. ItaP Security and Policy will ensure privacy of all the report information and will not share the information with any person or organization outside of a particular domain or child unless required to do so by law or university policy. The system administrator has the capability to delete report information at anytime.
A: Currently, only system administrators can scan equipment within their assigned domain. As we continue to improve the VSC and it’s authorization and authentication capabilities, we plan to offer access to non-system administrators in the future.
A: Please send feature requests to firstname.lastname@example.org.
A: ItaP Security and Policy recommend that you scan new machines with new configurations before they are deployed. Security and Policy also recommend that you consider periodic scans of your systems to assess newly discovered vulnerabilities, as well as any possible security breaches that may have occurred since your last scan. If your organization operates under Federal, State, or Purdue guidelines for security, you should schedule scans accordingly.
A: Your scan results offer a view of what vulnerabilities and issues may exist on your system. However, you will need to check these vulnerabilities as the scanning system can return false positives and misidentify issues on your system. In addition, you should research any fixes suggested to determine their suitability to your specific environment.
A: ItaP Security and Policy can be reached at email@example.com. Also, additional information is available from the Nessus online documentation located at http://www.nessus.org.
A: Immediately check to see if the security hole exists, if it affects the system in question, and if it can be patched or fixed from any available links provided in the report. Patch the hole, or ensure that appropriate security measures have been taken to prevent the hole from being exploited.
A: These are often unknown ports or other un-identified services that could be an open port or vulnerability, services with possible vulnerabilities (rather than known definite vulnerabilities), or sources of information about your system. Check warnings against your known services to determine what should and should not be running. If you need the service or item being warned about, take appropriate security measures to minimize risks.
A: Check the security note, and take appropriate action if necessary. Most security notes are relatively minor information, or note that an attacker can gain miscellaneous information about your system.
A: Nessus is an open source vulnerability scanning system. More information can be found at: http://www.nessus.org
A: Nessus is the pre-eminent open source scanner in the world. It provides a highly modular approach and a large user community, resulting in frequent updates and a very large vulnerability database. In addition, the open source nature of Nessus allows ItaP Security and Policy to build better interfaces and to run on more systems than other vulnerability scanning systems.
A: Nmap is a port scanning tool used to determine what ports are open
on a given system. Nessus uses Nmap as part of its internal scans for
open ports on tested systems.