Internal, open access

Security Scanning of Servers FAQ

Why does IT Services want to security scan my server?

Your users expect you to protect them from malicious activities whilst using your server. If you wish to manage your own servers, IT Services will run periodic tests on your server to check whether it is patched, is easy to compromise, or already has been compromised.

Not only that, but your server is a part of our campus network. If your server is vulnerable, it is a weak link and may affect the security of the rest of the campus network. This would be extremely embarrassing for your department, and you could also lose all of your work or have your data modified/stolen without your knowledge.

What does the security scan involve?

The scan involves querying your server on all ports (1-65535) and deducing which services you are running based on the replies to these queries. Once we know which services you are running (which is not necessarily the same as the services which you think you are running) we will attempt to discern if currently known exploits would be successful against your server. In a worst-case scenario we may discover that your server has already been compromised, in which case we will immediately disconnect you from the campus network until you have rectified this.

How will this security scan affect the performance of my server?

During the scan your server will register a noticeable load increase. In rare cases it may even crash, if it was a flaky system in the first place. This is why we only run server scans with the express knowledge of the server administrator, and only on a Tuesday evening during designated IT Services "At Risk" periods.

What if I refuse to submit to a security scan on my server? I know it's secure.

You cannot refuse a security scan of your server if your server is a part of the University of Reading campus network. You can specify an "ideal time" you'd like us to scan it (the default is Tuesday evening at 5.30pm), but nothing more. Computer security is not something which can be left to chance; it has to be constantly checked as new exploits are discovered.

When will my server be security scanned?

Server security scans will only take place during designated ITS "At Risk Periods" (i.e. Tuesday evenings after 5.30pm). The administrator of the server will be given a calendar month's notice before the scan, so that they can patch it prior to the scan. This notice will be via email.

I've been sent a security scan report. What do I do now?

The scan report contains detailed information on the vulnerabilities found and the recommended method to resolve each of them. You should check that the services you are running are the same as the services you think you are running. The Systems Team in IT Services are always available for advice in acting on this report.
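One way to check which services are actually running against the ones you think you are running, before or after a scan report arrives. This is an added example, not IT Services' tooling: it assumes a Linux server with the iproute2 `ss` command, and the `EXPECTED` set and the sample socket table are constructed for illustration.

```python
import ipaddress
import subprocess
# Assumption: the (protocol, port) pairs this administrator intends to expose.
EXPECTED = {("tcp", 22), ("tcp", 443)}

# Constructed sample of `ss -H -tuln` output (not taken from a real server).
SAMPLE = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511                *:443             *:*
tcp   LISTEN 0      128             [::]:22           [::]:*
tcp   LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:111       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:111       0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Return {(proto, address, port)} for every listening socket line."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        addr = addr.split("%")[0].strip("[]")   # drop %iface, IPv6 brackets
        if port.isdigit():
            found.add((fields[0], addr, int(port)))
    return found

def is_loopback(addr):
    """True when the socket is bound to loopback only (not reachable remotely)."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:        # '*' is the all-addresses wildcard
        return False

def audit(listeners, expected=EXPECTED):
    """Return (unexpected, missing) among network-reachable listeners."""
    exposed = {(p, port) for p, a, port in listeners if not is_loopback(a)}
    return sorted(exposed - expected), sorted(expected - exposed)

def live_listeners():         # reads the real socket table on this host
    out = subprocess.run(["ss", "-H", "-tuln"], capture_output=True, text=True, check=True)
    return parse_listeners(out.stdout)

if __name__ == "__main__":
    unexpected, missing = audit(parse_listeners(SAMPLE))
    print("unexpected:", unexpected, "missing:", missing)
```

On a real server, pass `live_listeners()` to `audit()` instead of the sample. A host firewall may hide some of these ports from a remote scan, so treat this list as the upper bound of what the scan can find.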

After a security scan I've been notified that my server has been disconnected. What should I do now?

We only disconnect servers when they have been found to be compromised or are so vulnerable that they are about to be compromised. We only reconnect them in the former case when the server has had its active file system formatted and the operating system has been reinstalled, is fully updated with all relevant security updates and then re-scanned. In the latter case, the machine needs to be fully updated with all relevant security updates and re-scanned.

Once you've patched your server, get back to us at ITS-Help@reading.ac.uk and we will re-scan your server that evening. If you're clean, you'll be back online for the morning.

What do you use to security scan the servers?

We use the latest build of the Nessus scanning engine, with the entire range of plugins available on the day of the scan. All ports (1-65535) are scanned, using all tests (including Denial of Service tests). This typically takes an hour or two, but multiple servers can be scanned simultaneously, so all scans should be finished by about 8pm (assuming a 5.30pm start).

Last Edited: 19 April 2016 | First Published: 3 October 2007
