Penn State Home

                                        

   

 

Policies & Guidelines

SOS Services

Spam Information

Incident Reporting

Security Guides

Setting Passwords

SOS Staff

FAQ

ITS Site Search:



ITS sponsors an annual security awareness campaign

 

Internet Security Scanner

What is ISS?

The Pennsylvania State University’s Security Operations and Services office, a unit of Information Technology Services, can help you identify vulnerabilities and misconfigurations in operating systems and software, at no charge leveraging ISS, a commercial grade scanning tool, from IBM Internet Security Systems.

Note: The University reserves the right to scan at any time any machine directly connected to its networks.

Who Can Request an ISS Scan?

Only a departmental network contact can authorize a scan. The appropriate network contacts will be notified to verify a scan request made by non-network staff members. Results of the ISS scan will be returned to the network contacts but the information may be shared with system administrators of affected machines, and with management in their units as appropriate.

What Happens When I Request an ISS Scan?

Network contacts can request a scan at their discretion. Scans can be performed as often as contacts deem necessary to protect their environment. Once a request is made, ITS’ Security and Operations Services may contact the scan requestor for more detailed information prior to starting the scan, Results will be returned to the network contact for appropriate action. A scan may be delayed in the event of a high priority security incident. Large-scale scans will take longer to process and analyze. In the event of several concurrent large-scale scans, SOS will contact the requestors to advise them of the situation.

Note:  Repeated, unauthorized scan requests (e.g., abusive activity) may result in referral to the Office of Judicial Affairs or to the Office of Human Resources.

What are Some Limitations of the ISS Scanning Service?

Under certain circumstances, some vulnerabilities or misconfigurations will not be detected. The operating system(s) and software should be secured to industry standard practices and this scan should not be used as a guarantee that your system(s) are secure. SOS recommends scanning a test Web application server rather than a production server. In rare circumstances, scans may have inadvertent side effects including, but not limited to, disruption of network traffic, "crashing" of computer and network equipment, or potentially filling a database with extraneous data. For additional information regarding this, and other scanning concerns, please visit Scanning Concerns and Considerations page:

How Can I Request an ISS Scan?

To request an ISS scan, please navigate to the following link: ISS request form

If the IP address(es) you are having scanned host Web application(s), please also request a Web application scan

 
   
About the units of
ITS Logo
 

 

 The Pennsylvania State University © 2007. All rights reserved.
Alternative Media - Nondiscrimination Statement
This site maintained by Security Operations and Services,
a unit of Information Technology Services.

For assistance, contact Security Operations and Services.
Provide site feedback to the Security Webmaster.

Last revised: 01/12/2007