Difference between revisions of "Network Security Audit (Feb 2014)"
| Line 28: | Line 28: | ||
| 1.    SFU, initiated by BC.NET/UBC Network Management Centre – this gives us an external view of the ECE environment (firewall should block most hits) | 1.    SFU, initiated by BC.NET/UBC Network Management Centre – this gives us an external view of the ECE environment (firewall should block most hits) | ||
| + | |||
| 2.    UBC, initiated by the UBC Network Management Centre, with the source IP allowed past the ECE firewall – this will give the scanner full access to ECE networks, and will gather results for devices and services that may not be exposed to the public | 2.    UBC, initiated by the UBC Network Management Centre, with the source IP allowed past the ECE firewall – this will give the scanner full access to ECE networks, and will gather results for devices and services that may not be exposed to the public | ||
Revision as of 14:18, 12 February 2014
Dear ECE Faculty, Students, and Staff,
What is this activity and when will it occur?
All ECE TCP/IP networks will experience internal and external network security scans at various times starting February 11th and ending February 21st 2014.
Why is this activity occurring?
The network security audit will provide ECE stakeholders with information about the Department’s network attack surface.
What can I expect during this activity?
No network outages are planned. While the network scans will not mimic a Denial of Service attack, it may antagonize intrusion detection systems.
Do I need to do anything during or before this activity?
No action is required on your part.
Support
ECE IT staff are available to assist you with any difficulties you may experience as a result of this activity. Please follow the instructions found at http://help.ece.ubc.ca/How_To_Report_A_Problem or, if e-mail is unavailable, please visit us in MacLeod 105.
Additional Background Information for the Change
Two different sources will scan all ECE networks. Scanning software will attempt to connect to each ECE IP address to see if it’s active, and if it is, it will try to determine what ports and services are open. From that point, the scanners will try to determine details about the applications (e.g., services, daemons) using those ports.
The two scan sources are
1. SFU, initiated by BC.NET/UBC Network Management Centre – this gives us an external view of the ECE environment (firewall should block most hits)
2. UBC, initiated by the UBC Network Management Centre, with the source IP allowed past the ECE firewall – this will give the scanner full access to ECE networks, and will gather results for devices and services that may not be exposed to the public
Each source scans two scopes: one for all ECE VLANs, and the other for dedicated server VLANs. The scans are performed at the network level, and do not perform application vulnerability scanning. The scans are not expected to adversely affect ECE IT production services (e.g., Mail, home directories, websites).
If you have additional questions, please don’t hesitate to ask the ECE IT Support Team.
Thank you for your attention.
