Security Vulnerability Consulting and Assessment

About this service

Other names for this service

Scanning Services, Vulnerability Assessment.

Service documentation

Why to use this service

Engage this service to request access to security vulnerability assessment tools or to consult with experts who can help you meet campus security requirements, interpret scan results, reduce risk to campus, or identify security weaknesses.

Features

Scanning Engines Used

Authorized University security scanning resources are listed below for general reference. If you have questions about scanning activity from the sources below, feel free to contact scanningservices@illinois.edu.

| ENGINE TYPE(S) | FQDN | IP/NET | NOTES |
|---|---|---|---|
| nmap, Nessus, custom | scanner.opia.illinois.edu | 192.17.95.155 | Multipurpose security scanner in use by Technology Services' Privacy & Security |
| QualysGuard local scanning engine | qg00.cites.illinois.edu | 192.17.95.145 | Scanning appliance |
| QualysGuard local scanning engine | qg01.cites.illinois.edu | 192.17.95.144 | Scanning appliance |
| QualysGuard cloud scanning engines | --- | 64.39.96.0/20 | |
| Application scanning | opia-loic.ad.uillinois.edu | 192.17.95.146 | |

Getting and using this service

Who can use this service

Faculty/Staff

How to get this service

IMPORTANT NOTE on RECENT CHANGES:

For custom software developed in-house: Application scanning for internally developed applications is currently being transitioned to software development groups. Privacy & Security's Vulnerability Assessment team will no longer be performing application scans as part of the larger service offering.

Third-party applications, vended applications, and commercial solutions will undergo vendor and solution risk assessment instead of application scanning. This means that Vulnerability Management will be coordinating with Privacy & Security's Governance, Risk, and Compliance group to complete a risk assessment process in order to assess levels of overall security assurance rather than specific application testing. Again, this is for vended, commercial products and services, not custom or in-house developed software.

Requests for access to tools, vulnerability management consulting, or scanning work requests may be submitted to scanningservices@illinois.edu.

Requests for scanning to be performed for you by Privacy & Security may be accomplished by submitting a scan request form (please note that due to resource constraints, requests are currently backlogged):

Host/Network/Port Scan: https://go.illinois.edu/hostscan

Web Application Scan: https://go.illinois.edu/appscan

Cost

No charge.

How to use this service

In person, email, phone.

Quotas and usage restrictions

Quotas: None

Usage Restrictions: Application scanning customers must fill out a questionnaire and affidavit before scanning. The requester must have authority over the systems being scanned.

Sensitive data considerations

Technology Services will not scan any system containing sensitive data.

Hours and support

Standard service hours

8:00 a.m. to 5:00 p.m. Monday through Friday.

Scheduled maintenance hours

  1. Datacenter assets will be scanned quarterly starting at 10:30 AM and running for 24 hours. Privacy & Security will do so on the schedule below:

    • Tuesday of Spring Break

    • First Tuesday following June 15th

    • Tuesday of Fall Break

    • Tuesday following January 4th

    • There may be some variation in the above schedule due to unexpected operational needs; however, a scan notice with the intended window will always be delivered to stakeholders prior to any scan event.

  2. Scans will use all appropriate plugins. If a certain plugin or scan feature is causing problems, contact scanningservices@illinois.edu.
  3. Asset stewards will be notified of high or critical severity vulnerabilities/exposures and are expected to remedy or mitigate the risk as appropriate, or otherwise pursue and obtain a decision through the appropriate executive risk decision process (contact itpolicy@illinois.edu for more information on risk acceptance/risk process).
  4. Assets that display an unusually large number of vulnerabilities, or that are involved in security incidents, may be scanned unexpectedly or at a higher frequency until they fall into the range of acceptable risk.

Staffed support hours

8:00 a.m. to 5:00 p.m. Monday through Friday

How to report issues