Technology Services maintains multiple vulnerability assessment technologies each targeting specific layer in the service delivery stack, though some degree of overlap exists in each.
Authorized scanning resources are listed below for general reference. This is a non-inclusive list as the vulnerability program needs it may use additional resources not listed here. External agencies both approved and not approved continuously scan our network for vulnerabilities. If you have questions about scanning activity from the any source, feel free to contact securitysupport@illinois.edu
ENGINE TYPE(S) | FQDN | IP/NET | NOTES |
---|---|---|---|
Nmap, Nessus, custom, others* | scanner.opia.illinois.edu | 192.17.95.155 | *Multipurpose security scanner, other tools used as needed |
Nmap, Nessus, custom, others* | scanner2.opia.illinois.edu | 192.17.95.162 | *Multipurpose security scanner, other tools used as needed |
Qualys local network scan engine | qg00.cites.illinois.edu | 192.17.95.145 | Scanning appliance |
Qualys local network scan engine | qg01.cites.illinois.edu | 192.17.95.144 | Scanning appliance |
Qualys local network scan engines | qvsa[00-03].virtual.illinois.edu | 192.17.171.30-192.17.171.33 | Scanning appliances |
Qualys cloud scanning engines | --- | 64.39.96.0/20 139.87.112.0/23 | External scanning appliances within the Qualys Cloud Platform |
UT Dorkbot | autoscan.infosec.utexas.edu | 146.6.15.11 | External web application scanner run by UT Austin which continually scans all Illinois assets https://security.utexas.edu/dorkbot |
Shodan | census[1-12].shodan.io | † | †There are many shodan scanners, but they all should resolve to shodan.io addresses. Use the shodan web console to enumerate info found by Shodan |
Scans using the recommended profile meet the controls regarding unauthenticated vulnerability scanning: - IT03.10.1 - IT04.10.1 - IT10.10.1
Separate authenticated or agent-based scans are required for High Risk systems.
Detailed information about security controls can be found at: https://cybersecurity.uillinois.edu/controls
Regular vulnerability scans are conducted to maintain accurate and timely vulnerability information for campus assets. These scans are conducted with the Qualys Cloud Platform.
Network Port: A numeric identifier assigned to different TCP or UDP channels on a network interface. Although port numbers range from 0 to 65535, many well-known services have reserved port numbers between 0 and 1024 (e.g., HTTP uses port 80, Telnet uses port 23, and FTP uses ports 20 and 21.) To establish a session with a host, a network request must be sent to the appropriate port number on the host (i.e. to establish an HTTP session with a web server, your workstation software will send a request to port 80 of the web server).
Port Mapping: The process of sending packets to selected service port numbers (HTTP-80, Telnet-23, etc.) of a computing system with the purpose of collecting information such as available network services from that system. This non-invasive process is helpful for troubleshooting system problems or tightening system security. Network port scanning is an information gathering process, and when performed by unknown individuals it can be a prelude to attack.
Scanning: The process of gathering information on computing systems, which may be used for system maintenance, security assessment and investigation, and for attack. This process includes port mapping, vulnerability scanning; and at times (with the cooperation from system owners), authentication and internal information gathering. If used properly, scanning of this type is an excellent tool for protecting University information resources. Malicious scans can be a prelude to the disclosure of sensitive data, loss of service, and damage to the University's reputation in the global community.
Vulnerability Scanning: The process of identifying known vulnerabilities of computing systems on the network. This process goes a step beyond identifying the available network services of a system as performed by a network port scan. The vulnerability scan attempts to identify specific weaknesses in the operating system or application software, which can be used to compromise or crash the system. The vulnerability scan is also an information gathering process, and when performed by unknown individuals it is considered a prelude to attack.
Application Scanning: The process of identifying known vulnerabilities in software applications using automated scanning tools. These tools use methods such as querying and spidering to identify all pages and functions in a web site or application. It then tests the limits of each function or input identified with tests developed against common vulnerabilities and common OWASP Top 10 flaws such as cross-site scripting, sequel injection, injection through i-frames, cross-site request forgery, authentication bypass, and other commonly occurring issues.
For any questions please email securitysupport@illinois.edu.