Vulnerability Scanning

Securing a computer is an on-going process. To help assess the security weaknesses of a computer, there are scanning tools that try to identify security risks. These tools are either network-based or host-based (run on your computer).

The scanning tools generally scan your computer for known security weaknesses that the scanner can test for or for open ports (services). The tools generate a report identifying the vulnerability and potential risk. Some scan tools also provide suggestions on how to fix the vulnerability or mitigate the risk.

Security scanning using a network-based tool is only allowed for systems for which you are specifically authorized (i.e., your own or your department's if that is your responsibility). OIT Security is the only department authorized to scan throughout the University of Minnesota network.

By themselves, vulnerability scanners are not a guarantee or sufficient to protect a computer. Vulnerability scanners are tools to be used in conjunction with industry best practices for securing computers, such as applying security patches and running current version of software, configuring the software to use only the services that you need, maintaining accounts and using strong passwords, installing and running antivirus software and maintaining backup and physical security of the computer. For more information on securing your computer, see OIT Security web site at  http://www.umn.edu /oit/security

Scan Tools

Provided by OIT Security

• Qualys Scanner- for critical servers and other important servers.  This includes servers involved in credit card processing that must meet the Payment Card Industry (PCI) Scanning requirement. (PDF)

For more information on the scan process, see http://www.umn.edu/oit/security/scanprocess.html

Others Available

• Nessus - network-based
• NMAP - network-based - Recommended for testing firewalls and filters.
• Microsoft Baseline Security Analyzer Microsoft, host-based
• Secunia scan & patch Microsoft and other 3rd party software