Re: Scanning Notices

[Roger A Safian <r-safian () NORTHWESTERN EDU>]

We did, years ago, but we don't notify prior to the scan.  We run the scan non stop, so a typical hosts here at NU will 
get scanned once or twice a week.  I think we have received two or three complaints over the years, and all of them 
were fine once we explained the service.  (They assumed we had an infected host)

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matt 
Marmet
Sent: Wednesday, August 31, 2011 9:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Scanning Notices

Roger,

Do you notify the campus that you are doing this? We are concerned that someone somewhere will pick our scans up and 
misinterpret our motives as "spying".

Regards,

Matt
On Wed, Aug 31, 2011 at 10:39 AM, Roger A Safian <r-safian () northwestern edu<mailto:r-safian () northwestern edu>> 
wrote:
We do a non-stop, selective, Nessus scan of the campus.  If and when we find a problem, we notify the local security 
contact (no more than one notification per month, per machine) so they can address the problem.

It works, but, I am not sure it is as valuable as it once was since most machines have a firewall enabled, and many 
newer Nessus tests require local credentials, which we do not have.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of Matt Marmet
Sent: Wednesday, August 31, 2011 9:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Scanning Notices

Hello Everyone,

Here at Armstrong we are looking in to scanning our internal networks (desktop and server networks). I was wondering if 
other institutions were doing this and with what frequency? Also, do you notify the campus that these scans are going 
to be taking place and, if so, how much lead time do you give the campus? What kind of email or disclaimers do you send 
out letting people know what the scan includes? We are only looking at basic port scans and such at the moment. 
Everything we would be doing is non-invasive and not "invading" the users desktops looking for personal data. Thanks 
for your replies.

Regards,

Matt
--
---
Matt Marmet
Director of IT Security, CISO
Armstrong Atlantic State University
11935 Abercorn Street
Savannah, GA 31419
Desk: (912) 344-3528<tel:%28912%29%20344-3528>
Cell:  (912) 414-0684<tel:%28912%29%20414-0684>

Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide 
your password - it is a SCAM.

******* The CIS Team will NEVER, EVER, EVER ----- EVER ask for your
username and password via Email. Don't respond to any requests for
this information ******





--

---
Matt Marmet
Director of IT Security, CISO
Armstrong Atlantic State University
11935 Abercorn Street
Savannah, GA 31419
Desk: (912) 344-3528
Cell:  (912) 414-0684

Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide 
your password - it is a SCAM.

******* The CIS Team will NEVER, EVER, EVER ----- EVER ask for your
username and password via Email. Don't respond to any requests for
this information ******