Security Issue Notification Mailing Lists and Network Vulnerability Scanning

Three Listserv mailing lists are available which are intended to provide important announcements to University of Toronto network administrators in the categories: Microsoft Windows OS security-related alerts, UNIX security-related alerts, and alerts of completed campus-wide vulnerability or compromise detection scans. The lists are described in more detail below.

The network vulnerability scan service provides the following:

-identify network-connected devices that may be vulnerable to exploit,
-generate reports on a per-subnet basis that can be used by departmental staff (access-controlled by UTORid)
 
One main scan which is configured to detect a wide range of vulnerabilities in Microsoft, MacOS, UNIX OS and many applications is conducted monthly. In addition, targeted scans are run as needed due to issues that are flagged in the security community. The main scan uses all Nessus plugins except those that are considered dangerous (may crash the application or OS). Those plugins are categorized as, in order of criticality: security holes, warnings and notes. The results from this scan reveal, in frequency of occurrence: old software versions that are vulnerable, missing patches, misconfiguration and obsolete OS.

Admins should consult these monthly reports and address the issues identified. If the issues are not possible to resolve, then consider other ways of reducing the risk of exploit.

If you find a false positive, need advice on remediating problems or have comments on results, contact security.admin@utoronto.ca.