Difference between revisions of "Network Security Audit (Feb 2014)"
(4 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
'''Why is this activity occurring?''' | '''Why is this activity occurring?''' | ||
− | The network security audit will provide ECE stakeholders with information about the Department’s network attack surface. | + | The network security audit will provide ECE stakeholders with information about the Department’s network attack surface. Future security planning and network design are expected to benefit as a result of this activity. |
'''What can I expect during this activity?''' | '''What can I expect during this activity?''' | ||
− | No network outages are planned. While the network scans | + | No network outages are planned. While the network scans do not mimic a Denial of Service attack, they may antagonize intrusion detection systems. |
'''Do I need to do anything during or before this activity?''' | '''Do I need to do anything during or before this activity?''' | ||
Line 23: | Line 23: | ||
'''Additional Background Information for the Change''' | '''Additional Background Information for the Change''' | ||
− | Two different sources will scan all ECE networks. Scanning software will attempt to connect to each ECE IP address to see if it’s active, and if it is, it will try to determine what ports | + | Two different sources will scan all ECE networks. Scanning software will attempt to connect to each ECE IP address to see if it’s active, and if it is, it will try to determine what ports are open. From that point, the scanners will try to determine details about the applications (e.g., services, daemons) listening on those ports. |
The two scan sources are | The two scan sources are | ||
1. SFU, initiated by BC.NET/UBC Network Management Centre – this gives us an external view of the ECE environment (firewall should block most hits) | 1. SFU, initiated by BC.NET/UBC Network Management Centre – this gives us an external view of the ECE environment (firewall should block most hits) | ||
+ | |||
2. UBC, initiated by the UBC Network Management Centre, with the source IP allowed past the ECE firewall – this will give the scanner full access to ECE networks, and will gather results for devices and services that may not be exposed to the public | 2. UBC, initiated by the UBC Network Management Centre, with the source IP allowed past the ECE firewall – this will give the scanner full access to ECE networks, and will gather results for devices and services that may not be exposed to the public | ||
Latest revision as of 13:25, 12 February 2014
Dear ECE Faculty, Students, and Staff,
What is this activity and when will it occur?
All ECE TCP/IP networks will experience internal and external network security scans at various times starting February 11th and ending February 21st 2014.
Why is this activity occurring?
The network security audit will provide ECE stakeholders with information about the Department’s network attack surface. Future security planning and network design are expected to benefit as a result of this activity.
What can I expect during this activity?
No network outages are planned. While the network scans do not mimic a Denial of Service attack, they may antagonize intrusion detection systems.
Do I need to do anything during or before this activity?
No action is required on your part.
Support
ECE IT staff are available to assist you with any difficulties you may experience as a result of this activity. Please follow the instructions found at http://help.ece.ubc.ca/How_To_Report_A_Problem or, if e-mail is unavailable, please visit us in MacLeod 105.
Additional Background Information for the Change
Two different sources will scan all ECE networks. Scanning software will attempt to connect to each ECE IP address to see if it’s active, and if it is, it will try to determine what ports are open. From that point, the scanners will try to determine details about the applications (e.g., services, daemons) listening on those ports.
The two scan sources are
1. SFU, initiated by BC.NET/UBC Network Management Centre – this gives us an external view of the ECE environment (firewall should block most hits)
2. UBC, initiated by the UBC Network Management Centre, with the source IP allowed past the ECE firewall – this will give the scanner full access to ECE networks, and will gather results for devices and services that may not be exposed to the public
Each source scans two scopes: one for all ECE VLANs, and the other for dedicated server VLANs. The scans are performed at the network level, and do not perform application vulnerability scanning. The scans are not expected to adversely affect ECE IT production services (e.g., Mail, home directories, websites).
If you have additional questions, please don’t hesitate to ask the ECE IT Support Team.
Thank you for your attention.