| Abstract: | Indiana University is comprised of eight campuses with approximately 60,000 system-wide networked devices. We absolutely subscribe the view that organizations should be scanning their systems for vulnerabilities just as the potential intruders do. We established a relationship with Internet Security Services (ISS) many years ago, and purchased a license to use their Internet Scanner on our campuses. However, we needed to make this scanner available to technicians, while maintaining some level of control (for licensing and in order to maintain an understanding of the overall security situation at the university). We also wanted to make it easy to implement mandatory periodic or ad hoc scanning. So, we implemented a Web-based security vulnerability assessment application that provides individual technicians the ability to perform vulnerability scans of their systems, either by request or periodically and automatically.
|
