Description
Vulnerability scanning provides ICN customers with vulnerability reports to aid in identifying and solving network security issues with respect to customer's Internet and Online presence.
The Vulnerability Scanning service allows customers to leverage DoIT expertise to better secure their networks from outside attackers. This scanning identifies hosts that are open to the Internet and provides service vulnerability information on those hosts to help the IT Coordinator determine the best course of remediation. Best in class third party products and DoIT developed scripts are currently in use by DoIT Risk Management/Technical Safeguards unit and are the primary tools used for this service.
The service provides three reports for customer IT coordinators. This allows customers to approach the issues in a way that makes sense to them.
Stand Alone Scan: The results of this scan include a
static PDF report, spreadsheet as well as a dynamic html report interface that will
be provided to the customer with a cover letter summarizing the vulnerabilities
found and highlighting recommendations for mitigation.
Follow Up Scan: Once a customer identifies that they have
resolved their vulnerabilities they can request a Follow Up scan. This scan will be an exact repeat of the
previous scan and similar reports to the Stand Alone Scan will be provided
with cover letter.
Scan with Follow Up Scan: This includes everything that is included with
the Stand Alone Scan and adds one Follow Up Scan as detailed in the ‘Follow Up
Scan’ option.
Consulting/Mitigation Assistance: In
cases where customers are unable to make progress towards mitigating the
vulnerabilities that were found, they may desire to obtain consulting
services. This can be ordered on an
hourly basis.
Benefits
Vulnerability Scan
The vulnerability scan will profile every Internet facing address as requested in the service order provided by the customer.
Based on the time/date window provided, staff will schedule the scan and subsequently generate reports as detailed below.
HTML PDF Static Report
Excel (CSV)
Dynamic HTML Report
The Java/HTML based dynamic report allows for immediate sorting by IP, # of vulnerabilities, criticality, etc. It is an excellent tool to summarize and give direction for remediation.
Cover Letter Vulnerability Summarization
When ICN staff provides the reports, there will also be included a short summary of the report and tips as well as on line resources for remediation, as appropriate.
This will give the customer direction on how best to prioritize their efforts in order to hit the most vulnerabilities as quickly as possible.
This may also include references to best practices if the report shows any issues that could be remedied by network reconfiguration, etc.
Service Rates
Customers
will incur a one-time charge which will cover the scan and all associated work
to create and provide the results to the customer (see rates below). This
Service is available to active ICN broadband customers.
Stand Alone Scan | $500.00 (per scan) |
Follow-up Scan | $300.00 (per follow-up scan) |
Scan w/Follow-up Scan | $700.00 (per scan & 1 follow-up scan) |
Consulting/Mitigation Assistance | $108.00 (hourly) |
Questions about Vulnerability Scanning?
Complete the form below, or contact your Regional Technology Center for service order information and support.