Skip to Main Content

Request Support

Vulnerability Scanning

The UGA Office of Information Security uses Rapid 7's Nexpose to conduct regular vulnerability scans on devices that are connected to the UGA network.

Scheduled vulnerability scanning is available to any units on campus that want a more detailed picture of the security of their systems. Scans are customized for each unit and can be scheduled on a weekly or monthly basis. Additionally, we will scan upon request from the system's owner or as needed at the discretion of UGA InfoSec Personnel, generally as part of an investigation of suspicious-looking network activity.

Please note that unauthorized scanning to or from a UGA system is not permitted. In addition, since scanning is often either an indication of system compromise or of malicious intent, we treat it as such. Scanning from off-campus is assumed to be reconnaissance prior to an attack, while scanning from inside campus is assumed to indicate that the system in question has already been compromised.  If you wish to perform scans on your own systems, please email us prior to doing so, and tell us the precise nature and scope of your intended activity.

Request

Request a vulnerability scan here. (Authentication required.)

Vulnerability Scan FAQ

What is Nexpose?

Infosec has a license to provide vulnerability scans to campus using Rapid 7's Nexpose. This tool has a robust user interface, and can detect potential vulnerabilities in a wide array of applications and server environments. Each vulnerability includes remediation steps, potential impacts of remediation, severity of risk, and links to development information on the issue. This information is gathered in customized reports which are automatically mailed to you after each scan.

What benefits do vulnerability scans provide?

Scans spot critical security concerns before a compromise can damage a departments reputation. They provide details of what could go wrong, how time consuming fixing the problem could be, and the potential impact of ignoring the problem. Scans also demonstrate potential risk, which can be used for requesting additional funding or upgrading resources.

Why are vulnerability scans important to system security?

Scans performed by the Office of Information Security allow a system's owner to learn in advance about security vulnerabilities specific to that system. For example we may scan systems in the student residential areas before a break because systems left unattended over vacation periods are particularly likely to come under attack, and possibly be compromised. There are no special privileges being used to accomplish these security scans.  Note that anyone, anywhere on the Internet could also run an equivalent scan of any system that is directly connected to the Internet (i.e., not behind a firewall or similar device). In fact, they may already have done so in preparation for an attack.

Why would someone want to attack my system?

Some users think that since they aren't a bank or a top-secret defense researcher, no one will be interested in breaking into their systems. In fact, there are a number of reasons that a malicious individual might have for compromising a particular system.   The intention could be to use your system as a starting point or stepping stone from which to launch attacks on the attacker's real target, thereby confusing the issue of where the attack originated.  The intention could also be to use your system to store illegal software such as pirated programs, movies, games, music, or hacking tools.  This allows the owner of the compromised system to take the blame when such materials are discovered.

When UGA InfoSec scans a system, who gets the results?

The results of a vulnerability scan are seen by UGA InfoSec Security staff, and can be sent to the individual in charge of the system being scanned. The logs are also sent to our SIEM so they can be correlated with UGA threat data. In the case of student house computers, both the student who owns the system and their UGA security liaison house rep are notified if a system appears to have specific vulnerabilities that need to be fixed.  If you are a student and would prefer to receive the results of your scan regardless of whether vulnerabilities were uncovered, let us know.  Scan results can be sent in cleartext or encrypted email upon request.  If you prefer your results to be sent in encrypted form, please notify the Office of Information Security.

Does UGA InfoSec look at my files when scanning my computer?

UGA InfoSec does not look at the contents of your files, whether they reside on an UGA-managed computer, or on a personal system being scanned for security vulnerabilities.  We consider the systems being scanned to be private; in addition, the scanning software we use does not allow this type of access.  The security vulnerability scans performed by UGA InfoSec only check for potential vulnerabilites; they do not actually exercise any of them.  The scanning tool we currently use looks to see what ports are open on a given system, and notes the operating system in use.  If daemons or services allowing any form of remote access are in use on the system, that fact is noted and the scanning tool attempts to determine whether the services running are subject to any known security holes.