Re: SANS Post about EDU vulnerability scanning assignment

[Randy Marchany <marchany () VT EDU>]

The only problem with this assignment is the failure to explicit require
permission from the target of the scan. I give the same assignment but I
EXPLICITLY REQUIRE they produce permission (email, paper form) from the
target before they scan the systems. I also give them permission to scan
machines in my lab. I also mention they can scan their own machines. Failure
to obtain permission means no grade and possible arrest. If the prof makes
these conditions explicit, I don't see a problem with the assignment. In fact,
if you read what he requires them to include in their report, it's basically
what you would get from an IT auditing firm. It's not clear from the original
post where the prof required permission ahead of time. It has been my
experience to run across profs who forget that critical requirement :-).

-Randy