Vulnerability Scanning Cluster
  1. Who has access to the final reporting data and why?
  2. I’m not a system administrator so how would I scan my machine for vulnerabilities?
  3. How do I make a feature request?
  4. How often should I scan my systems?
  5. What do my scan results mean?
  6. I need help interpreting my scan results, whom do I contact?
  7. My results say that I have security holes. What should I do?
  8. My results say that I have security warnings. What should I do?
  9. What is Nessus?
  10. Why are we using Nessus?
  11. What is Nmap?
Who has access to the final reporting data and why?
If you are the administrator of a domain or child, you can see the reporting data only from that domain or child and from any children it may have. ItaP Networks and Security sits at the highest level of the hierarchy in order to support the system, so by default it has access to all the reports. However, no action or additional reporting is currently performed from the report data. ItaP Networks and Security will ensure the privacy of all report information and will not share it with any person or organization outside of a particular domain or child unless required to do so by law or university policy. The system administrator can delete report information at any time.


I’m not a system administrator so how would I scan my machine for vulnerabilities?
Currently, only system administrators can scan equipment within their assigned domain. As we continue to improve the VSC and its authorization and authentication capabilities, we plan to offer access to non-system administrators in the future.


How do I make a feature request?
Please send feature requests to itap-vsc@purdue.edu.


How often should I scan my systems?
ItaP Networks and Security recommends that you scan new machines with new configurations before they are deployed. Networks and Security also recommends that you consider periodic scans of your systems to assess newly discovered vulnerabilities, as well as any possible security breaches that may have occurred since your last scan. If your organization operates under Federal, State, or Purdue guidelines for security, you should schedule scans accordingly.


What do my scan results mean?
Your scan results offer a view of what vulnerabilities and issues may exist on your system. However, you will need to check these vulnerabilities as the scanning system can return false positives and misidentify issues on your system. In addition, you should research any fixes suggested to determine their suitability to your specific environment.


I need help interpreting my scan results, whom do I contact?
ItaP Networks and Security can be reached at itap-securityhelp@purdue.edu. Also, additional information is available from the Nessus online documentation located at http://www.nessus.org.


My results say that I have security holes. What should I do?
Immediately check to see if the security hole exists, if it affects the system in question, and if it can be patched or fixed from any available links provided in the report. Patch the hole, or ensure that appropriate security measures have been taken to prevent the hole from being exploited.


My results say that I have security warnings. What should I do?
Check the security note, and take appropriate action if necessary. Most security notes are relatively minor information, or note that an attacker can gain miscellaneous information about your system.


What is Nessus?
Nessus is an open source vulnerability scanning system. More information can be found at: http://www.nessus.org


Why are we using Nessus?
Nessus is the pre-eminent open source scanner in the world. It provides a highly modular approach and a large user community, resulting in frequent updates and a very large vulnerability database. In addition, the open source nature of Nessus allows ItaP Networks and Security to build better interfaces and to run on more systems than other vulnerability scanning systems.


What is Nmap?
Nmap is a port scanning tool used to determine what ports are open on a given system. Nessus uses Nmap as part of its internal scans for open ports on tested systems.
