Information Assurance (IA) conducts routine quarterly scans of all University of Michigan owned and managed networks and offers a monthly and on-demand scanning service on request. All networks, systems, databases, or applications that create, maintain, process, transmit, or store data classified as High or Restricted must be scanned monthly.
- The scans try to connect to hosts on the target networks in various ways to determine which hosts are responsive. Hosts can include computer workstations and servers, network switches and routers, networked printers, scanners, copiers, digital telecommunications, and personally owned devices.
- Discovered hosts are subsequently interrogated to find open ports for the scanner to probe.
- Any open ports are examined for vulnerabilities and misconfigurations specific to the type of service detected on the port. Much of this examination relies on self-reporting by the host (such as reports of software version numbers).
- Scans are limited to reviewing system and application configuration and do not open or examine content in email, documents, spreadsheets, databases, or any other application.
For answers to questions you may have about IA scans, see the Monthly & On-Demand Vulnerability Scanning FAQ.
Quarterly Vulnerability Scans—conducted routinely by IA
IA conducts quarterly vulnerability scans of the entire network address space registered to the University of Michigan. The scans come from a scanner positioned outside the university to give units the perspective of what an attacker can see from outside university networks.
Detailed vulnerability reports are provided to the identified contact person in a unit (as listed in the ITS Network Information Database—NetInfo). with the expectation that corrective actions will be taken.
Units are expected to remediate any identified vulnerabilities as outlined in Vulnerability Remediation.
Monthly and On-Demand Scanning Service—available free from IA on request
Web Application Security Scanning—available free from IA on request
Your unit's web applications often need to be reachable from the internet, which can leave them vulnerable to attack. To help U-M units identify and resolve vulnerabilities in web applications, IA offers web application security scans at no charge.
The scanner is effective at finding weaknesses in web applications, such as SQL injection, cross-site scripting, and authentication bypass vulnerabilities. The scanner crawls a given web application, checking for problems across web servers, proxy servers, web applications, and other web services. After a scan completes, IA provides a report detailing any concerns discovered and recommendations for remediation.
Information Assurance also subscribes to the Dorkbot service offered by the University of Texas at Austin Information Security Office for vulnerability discovery across publicly accessible sites. These checks come from autoscan.infosec.utexas.edu (188.8.131.52) which should be whitelisted for maximum value.
Targeted Scans for Specific Vulnerabilities—conducted by IA
IA occasionally performs narrowly targeted scans of all U-M networks to find high-risk vulnerabilities that pose an imminent threat.
When such scans are performed, every effort will be made to notify network owners in advance. An email notification will be sent to network administration lists such as FLN to advise of the scope and timing of the scan.
Units that observe unexpected scan traffic may contact email@example.com with the relevant source and target IP address to determine whether an IA scan is the root cause.
Units interested in performing regular vulnerability scans should first evaluate the free IA monthly and on-demand scanning service to see if it will meet their needs. If that is deemed insufficient, you can contact IA via the ITS Service Center for vulnerability scanning suggestions.