Northwestern IT's Information Security Office maintains and operates a Vulnerability Assessment Program to assist schools and departments in the auditing, identification, and remediation of security vulnerabilities in its own network infrastructure, related devices, and web services.
Features and Benefits
Vulnerability assessments composition
- Consultation on the benefits of vulnerability assessments.
- Initial audit of a client's network infrastructure through review of documents, configurations, network diagrams, and interviews
- In-depth network-based assessment of workstations, servers, devices, and the overall security of the network infrastructure
- Coordination, collaboration, and general technical consulting before, during, and after the assessment.
- Follow-up documentation/reports and additional consulting as needed after the assessment.
- On an ad-hoc basis, educational presentations concerning topics relevant to vulnerability assessments such as reducing vulnerabilities and secure coding.
System Assessments
Systems assessment are designed for systems on the front end (laptops and desktops) and back end (servers). Scans look at operating systems vulnerabilities, as well as known issues relating to software configuration; e.g., zero day vulnerabilities, expired SSL Certificates, weak passwords, et al.
The System Vulnerability Assessment provides:
- Ad-hoc or scheduled scans for vulnerabilities on a school’s or department’s systems.
- Comprehensive reports with details and solutions for each vulnerability found.
- Multiple report formats to fit the needs of reviewers.
- Review of any existing security scans already completed by a school or department.
Web Services Assessment
Web services assessments proactively assess websites for vulnerabilities that could allow unauthorized access to sites or systems.
The Web Services Assessment provides:
- Ad-Hoc or scheduled scans for vulnerabilities on a school’s or department’s website
- Review for outdated software versions and other vulnerabilities, such as Cross-Site Scripting (XSS) and SQL injection
- Printed report of assessment findings
- Review of any existing security scans already completed by a school or department.
Note: The Web Services Assessment scan can run for a prolonged period before completion, depending upon your design. The Information Security Office will work with customers to establish a mutually agreed upon window for scanning.
Available to
Cost
Vulnerability assessment services are offered at no cost to University Clients (schools and departments). While there is no charge for these assessment services, there is an expectation that the client will take appropriate action to resolve high-risk vulnerabilities in a timely manner to prevent their exploitation. The information security team can provide some technical assistance in the remediation effort.
How to Request Service
Click the "Request Service" button to the right.
Support Resources
Training
The Tenable Product Education YouTube Channel is a helpful resource for those using the Tenable.io and looking for less advanced training on the Tenable.io system. These videos are designed to help get you started using the Tenable Vulnerability Management Tool. For more advanced training, open a Service Request for access to the Tenable University portal.