HOME
|
DOCUMENTATION
|
AMS/ROSI
|
SERVICES
|
CONTACT
Services
spacer

Security Issue Notification Mailing Lists and Network Vulnerability Scanning

Three Listserv mailing lists are available which are intended to provide important announcements to University of Toronto network administrators in the categories: Microsoft Windows OS security-related alerts, UNIX security-related alerts, and alerts of completed campus-wide vulnerability or compromise detection scans. The lists are described in more detail below.

The network vulnerability scan service provides the following:

-identify network-connected devices that may be vulnerable to exploit,
-generate reports on a per-subnet basis that can be used by departmental staff (access-controlled by UTORid)
 
One main scan which is configured to detect a wide range of vulnerabilities in Microsoft, MacOS, UNIX OS and many applications is conducted monthly. In addition, targeted scans are run as needed due to issues that are flagged in the security community. The main scan uses all Nessus plugins except those that are considered dangerous (may crash the application or OS). Those plugins are categorized as, in order of criticality: security holes, warnings and notes. The results from this scan reveal, in frequency of occurrence: old software versions that are vulnerable, missing patches, misconfiguration and obsolete OS.

Admins should consult these monthly reports and address the issues identified. If the issues are not possible to resolve, then consider other ways of reducing the risk of exploit.

If you find a false positive, need advice on remediating problems or have comments on results, contact security.admin@utoronto.ca.

 

List Name
Provides timely notification in the following areas:

win-alerts-l
  • critical Microsoft OS or application vulnerabilities.
  • critical Microsoft OS or application remediation.
  • major Microsoft-related campus security incident status.

unix-alerts-l
  • critical UNIX or application vulnerabilities.
  • critical UNIX or application remediation.
  • major UNIX-related campus security incident status.

scan-notify-l
  • availability of per-department results reporting of campus-wide scans. The reports are available to registered network admins only at:

https://cns.utoronto.ca/cgi-bin/scanreports/report.cgi

UTORid authentication is required, see form below to set up account. Contact security.admin@utoronto.ca for existing account support.

 

 

Security Notification List Signup Form
   
Your email address
   
Department
   
Full Name (eg. John Smith)
   

List selection


Required Information for scan-notify-l
   

Subnet report selection

(from /etc/networks, one per line)

eg. math-ether
  stats-ether
   

 

©2011 - University of Toronto Information + Technology Services, All Rights Reserved.