Overview
Qualys is a vulnerability scanner that is used for critical servers and servers subject to compliance reporting. It is generally not to be used for scanning desktop or laptop computers, because OIT has purchased a limited number of licenses (licensed by number of IP addresses scanned) for scanning critical and other important servers.
Qualys features include on-demand scanning of servers, subnet mapping, flexible scan scheduling and reporting, and ticket/remediation tracking. New checks for vulnerabilities are added to the scanner weekly.
There is no guarantee that the Qualys scanner will not affect services on a production server. Therefore, it is important that the affected computer or service have a maintenance window schedule agreed to by management or other pertinent personnel. If availability is too critical to have a window, then redundancies should be created.
Highlights
Units maintain their list of critical servers in Qualys by using the Critical Server Guideline to help in assessing which servers to include.
Units include the IP addresses for critical servers in their critical server asset group following the naming convention for their area (CRITICAL.college.dept).
Units run monthly vulnerability scans and fix high-risk vulnerabilities ("Confirmed level 4&5"). Other vulnerabilities should be reviewed and fixed as outlined below. Units will use the Qualys ticket remediation feature to document false positives and, for "Confirmed level 4&5" vulnerabilities, remediation fixes that require more time.
Many report formats are provided, including compliance reporting.
More detail for system administrators.
© 2009 Regents of the University of Minnesota. All rights reserved.
Last modified on 7/17/2009 10:21 AM
