Vulnerability Management

The BSD Information Security Office (ISO) has created a Vulnerability Management program designed to better protect and monitor BSD systems and servers.

The ISO will coordinate access to QualysGuard scanners and allocate licenses and user accounts to designated business units where there is a demonstrated need for vulnerability scanning. This can be done for individual devices or for whole departments.

The technology is fully managed and maintained by the ISO’s dedicated security team, eliminating administrative and maintenance burdens. Whether needed for compliance or simply as a precaution, the actionable information provided by vulnerability scans is an indispensable step in your security plan.

Benefits of vulnerability scanning:

  • External vulnerability scans simulate the effect of Internet users attempting to access a network. This can reveal a wide variety of potential threats, such as cross-site scripting risks or unpatched web servers. Your external tests will see and report what an outsider can see.
  • Internal vulnerability scans occur from within the network. These results can be extremely valuable as they represent an attacker’s view once they have breached external protection measures, or worse, are working from within the local network.
  • Authenticated scanning, an industry-standard practice, allows the vulnerability scanner to check in depth for software and hardware misconfigurations and supports more efficient patch management.

For access to QualysGuard, please contact our office at security@bsd.uchicago.edu.

Frequently Asked Questions

Q: How do I use the tools?

A: The QualysGuard video series gives you immediate access to a large video library of tutorials (https://community.qualys.com/docs/DOC-1323).

Q: Will the scan have a negative impact on my network?

A: Scanning should not affect your infrastructure or cause any devices to stop responding. Most vulnerability detections are non-intrusive, meaning that the scanner never exploits a vulnerability if doing so could negatively affect the host in any way.

Q: How does the scanner find vulnerabilities?

A: The scanning engine performs scans in a very dynamic manner to optimize speed and performance. The following is a simplified description of the main steps of a scan:

  • Checking if the remote host is alive – This detection is done by sending ICMP Echo Request (ping) packets, as well as probing some well-known TCP and UDP ports.
  • Firewall detection – This test enables the scanner to gather more information about the network infrastructure and will help during the scan of TCP and UDP ports.
  • TCP / UDP Port scanning – Detect all open TCP and UDP ports to determine which services are running on the host. The number of ports is configurable, but the default scan covers approximately 1900 TCP ports and 180 UDP ports.
  • OS Detection – The scanner tries to identify the operating system running on the host. This detection is based on sending specific TCP packets to open and closed ports.
  • TCP / UDP Service Discovery – The scanner tries to identify which service runs on each open port by using active discovery tests.
  • Vulnerability assessment based on the services detected – The scanner performs the actual vulnerability assessment. The scanner first tries to check the version of the service in order to detect only vulnerabilities applicable to this specific service version.
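The last step above, matching a detected service version against known-affected ranges, as an added example (not Qualys code): the catalogue and its EXAMPLE-* identifiers are constructed placeholders, banners are parsed with a simple regex, and versions are compared component-wise so that 7.10 sorts after 7.9 and a suffix such as p1 does not break the comparison.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    vuln_id: str      # placeholder identifier for this example, not a real CVE
    product: str      # lower-case product name as it appears in banners
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive); "" means no fix yet

# Constructed catalogue: overlapping ranges for one product, one unfixed entry.
CATALOGUE = [
    Finding("EXAMPLE-0001", "openssh", "7.0", "7.4p1"),
    Finding("EXAMPLE-0002", "openssh", "7.4", "8.0"),
    Finding("EXAMPLE-0003", "nginx", "1.0", ""),
]

def parse_version(text: str) -> tuple:
    """Tokenise '7.4p1' into ((0, 7), (0, 4), (1, 'p'), (0, 1)).

    Numbers compare numerically (7.10 > 7.9, unlike a string compare) and the
    kind tag keeps ints and letters from colliding, which would raise TypeError.
    """
    parts = re.findall(r"\d+|[A-Za-z]+", text)
    return tuple((0, int(p)) if p.isdigit() else (1, p.lower()) for p in parts)

def parse_banner(banner: str):
    """Extract (product, version) from a banner such as 'SSH-2.0-OpenSSH_7.4p1'
    or 'nginx/1.18.0 (Ubuntu)'. Returns None when no product/version is present."""
    m = re.search(r"([A-Za-z][A-Za-z-]*)[_/ ](\d[\w.]*)", banner)
    if not m:
        return None
    return m.group(1).lower(), parse_version(m.group(2))

def applicable(banner: str, catalogue=CATALOGUE) -> list:
    """IDs whose range covers the running version: introduced <= version < fixed.
    A version that cannot be determined yields no findings rather than all of them."""
    parsed = parse_banner(banner)
    if parsed is None:
        return []
    product, version = parsed
    hits = []
    for f in catalogue:
        if f.product != product or version < parse_version(f.introduced):
            continue
        if f.fixed and version >= parse_version(f.fixed):
            continue  # host already runs the fixed release
        hits.append(f.vuln_id)
    return hits
```

Call `applicable("SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7")` to see that only the range still open at 7.4p1 is reported, while 7.3 and 8.2p1 fall into different entries.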

Q: The scan found vulnerabilities. How do I fix them?

A: The scan report provides a detailed description of each vulnerability as well as the steps required to resolve it. Additionally, external links to security resources such as CVE, OWASP, and other security sites are suggested for more details. After the vulnerabilities have been fixed, rescan to confirm that they have been addressed.