Vulnerability scanning service helps UB departments

Vulnerability scanning service.

By Dan Hartman

Published May 11, 2016 This content is archived.

Print
Dan Hartman.

Dan Hartman (UB Student, Class of 2016) was born in Rochester, NY. He transferred to UB after earning an Associate’s Degree at Monroe Community College and is working towards completing his Bachelor’s in Communication. Dan hopes to become a screenwriter someday. In his free time, he enjoys working out, eating cereal, and spending time with his friends.

UB is comprised of many departments operating in unique ways. But there is a common goal across every department: keeping information secure. To accomplish this, UB’s Information Security Office now provides an on-demand scanning tool to assist each school or department in understanding its potential vulnerabilities.

Launched in January 2016, the scanning tool, Rapid7 Nexpose, assesses internet accessible printers, unpatched software, and the use of insecure protocols. A protocol is a set of rules that devices use to communicate on a network. For example, network attached back-up drives come with protocols like SSDP (Single Service Discovery Protocol) enabled, which can allow the device to be exploited if not secured. The scanning service can be used to identify all insecure devices being used by a department on the university’s network.

After locating potential insecurities, Rapid7 Nexpose then evaluates the level of risk to help departments prioritize correcting them.

Jeff Murphy, UB’s Interim Information Security Officer, believes this tool does a "great job at monitoring networks and focusing the remediation efforts of IT staff throughout the university."

He added, "Departments now can understand exactly what is on their network and prioritize what problems need to be addressed first."

This scanning tool is one of many ways that UB ensures that the IT infrastructure that the university relies on stays secure for students, faculty and staff.

"This is something that we wanted to do for years,” stated Jeff. “Distributed IT staff are welcome to contact the UB Information Security Office if they are interested in using the tool."

The vulnerability scanning service is available free for all UB departments to use. Ask your IT director to request an account for you by emailing sec-office@buffalo.edu.