Security and Policy Services
SecurePurdue, ITAP and Purdue at large offer a variety of security-related services to help the University community achieve the goals of the SecurePurdue initiative. Use the links below to access security-related services at Purdue.
The ITaP Vulnerability Management service is available to University System and Network Administrators. It provides an insight into what exactly is on the network and the potential vulnerabilities they create. Vulnerability scans can be setup and ran on a scheduled basis. These scans can be Intrusive or Non-Intrusive in nature and can even be ran against mobile devices. Authentication can be added for a deeper vulnerability and policy scan. Compliance templates are built-in and updated regularly by McAfee Labs for SOX, FISMA, HIPAA, PCI and more.
For more information and to request access to the ITaP MVM service contact: firstname.lastname@example.org.
If you suspect that your Purdue or personal computer has been compromised, this page lists the steps to follow.
Web Application Vulnerability Scanning
Web applications, while extremely useful, are a major threat vector for all organizations. A study by nCircle found that there was a 154% increase from 2007 to 2008 in web application vulnerabilities and that number was expected to continue to grow by 25% in 2009.
The IT Security Services group performs web application vulnerability scans against web applications before they are placed in production. These scans are performed against internally developed applications or hosted applications before "go-live" to help identify and resolve any major vulnerabilities that exist. The scans can take one day or up to a month to complete depending on the complexity and size of the application.
The scan will check for high risks such as SQL Injection, information leakage, and Cross-Site Scripting vulnerabilities. A high level summary report and a detailed report are provided after the scans are completed. The summary report provides a high-level description of the issues found and their possible causes, while the detailed report provides all that is included in the summary report with more detail and remediation recommendations for each vulnerability found. Typically unauthenticated and authenticated scans are performed against the web application.
For further information regarding web application security please see the Open Web Application Security Project (OWASP) web page located at owasp.org.
To request a scan please submit requests via Risque (IT Security - WebApp Security Scan). If you have never logged into Risque, then you will need to set up your Risque client profile (WebApp Security Scan will automatically be checked). If you have any questions please send an email to email@example.com.
STEAM is the IT security incident response team at Purdue, which is composed of IT professionals from all University IT departments who share information and offer assistance when IT security incidents occur.
Access free antivirus and security software, such as McAfee. Log in to find the appropriate version for your computer and be sure to also download and install the latest McAfee patch from the patches page.
Endpoint Protection Service
The ITaP Endpoint service is available to University system administrators. Among other benefits, this service includes reporting capabilities to determine if a department's VirusScan policy is current. For more information about the ITaP ePO service, contact: firstname.lastname@example.org.
The Identity Access Management Office (IAMO) coordinates the activities of identity assignment and role-based access across the University, and provides a consistent means of identifying Purdue University constituents and allowing them access to resources while ensuring an individual's privacy.
Filelocker is an open-sourced program created by Purdue University that allows faculty and staff a convenient way to securely share files with other people, both on and off campus.
Before purchasing new IT software or services, request a Vendor Security Review