Educause Security Discussion mailing list archives
Re: Scanning Notices
From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Wed, 31 Aug 2011 15:01:02 +0000
We did, years ago, but we don't notify prior to the scan. We run the scan non stop, so a typical hosts here at NU will get scanned once or twice a week. I think we have received two or three complaints over the years, and all of them were fine once we explained the service. (They assumed we had an infected host) From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matt Marmet Sent: Wednesday, August 31, 2011 9:44 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Scanning Notices Roger, Do you notify the campus that you are doing this? We are concerned that someone somewhere will pick our scans up and misinterpret our motives as "spying". Regards, Matt On Wed, Aug 31, 2011 at 10:39 AM, Roger A Safian <r-safian () northwestern edu<mailto:r-safian () northwestern edu>> wrote: We do a non-stop, selective, Nessus scan of the campus. If and when we find a problem, we notify the local security contact (no more than one notification per month, per machine) so they can address the problem. It works, but, I am not sure it is as valuable as it once was since most machines have a firewall enabled, and many newer Nessus tests require local credentials, which we do not have. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Matt Marmet Sent: Wednesday, August 31, 2011 9:16 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Scanning Notices Hello Everyone, Here at Armstrong we are looking in to scanning our internal networks (desktop and server networks). I was wondering if other institutions were doing this and with what frequency? Also, do you notify the campus that these scans are going to be taking place and, if so, how much lead time do you give the campus? What kind of email or disclaimers do you send out letting people know what the scan includes? We are only looking at basic port scans and such at the moment. Everything we would be doing is non-invasive and not "invading" the users desktops looking for personal data. Thanks for your replies. Regards, Matt -- --- Matt Marmet Director of IT Security, CISO Armstrong Atlantic State University 11935 Abercorn Street Savannah, GA 31419 Desk: (912) 344-3528<tel:%28912%29%20344-3528> Cell: (912) 414-0684<tel:%28912%29%20414-0684> Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide your password - it is a SCAM. ******* The CIS Team will NEVER, EVER, EVER ----- EVER ask for your username and password via Email. Don't respond to any requests for this information ****** -- --- Matt Marmet Director of IT Security, CISO Armstrong Atlantic State University 11935 Abercorn Street Savannah, GA 31419 Desk: (912) 344-3528 Cell: (912) 414-0684 Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide your password - it is a SCAM. ******* The CIS Team will NEVER, EVER, EVER ----- EVER ask for your username and password via Email. Don't respond to any requests for this information ******
Current thread:
- Scanning Notices Matt Marmet (Aug 31)
- Re: Scanning Notices Bob Bayn (Aug 31)
- Re: Scanning Notices Bradley, Stephen W. Mr. (Aug 31)
- Re: Scanning Notices Roger A Safian (Aug 31)
- Re: Scanning Notices Matt Marmet (Aug 31)
- Re: Scanning Notices Roger A Safian (Aug 31)
- Re: Scanning Notices Mike Porter (Aug 31)
- Re: Scanning Notices Valdis Kletnieks (Aug 31)
- Re: Scanning Notices Matt Marmet (Aug 31)
- Re: Scanning Notices Bob Bayn (Aug 31)
- Re: Scanning Notices Tim Doty (Aug 31)
- <Possible follow-ups>
- Scanning Notices Mike Fox (Sep 01)