Difference between revisions of "Network Security Audit (Feb 2014)"

From ECE Information Technology Services
Jump to navigationJump to search
Line 7: Line 7:
 
'''Why is this activity occurring?'''
 
'''Why is this activity occurring?'''
  
The network security audit will provide ECE stakeholders with information about the Department’s network attack surface.  
+
The network security audit will provide ECE stakeholders with information about the Department’s network attack surface. Future security planning and network design are expected to benefit as a result of this activity.
  
 
'''What can I expect during this activity?'''
 
'''What can I expect during this activity?'''

Revision as of 13:22, 12 February 2014

Dear ECE Faculty, Students, and Staff,

What is this activity and when will it occur?

All ECE TCP/IP networks will experience internal and external network security scans at various times starting February 11th and ending February 21st 2014.

Why is this activity occurring?

The network security audit will provide ECE stakeholders with information about the Department’s network attack surface. Future security planning and network design are expected to benefit as a result of this activity.

What can I expect during this activity?

No network outages are planned. While the network scans will not mimic a Denial of Service attack, it may antagonize intrusion detection systems.

Do I need to do anything during or before this activity?

No action is required on your part.

Support

ECE IT staff are available to assist you with any difficulties you may experience as a result of this activity. Please follow the instructions found at http://help.ece.ubc.ca/How_To_Report_A_Problem or, if e-mail is unavailable, please visit us in MacLeod 105.

Additional Background Information for the Change

Two different sources will scan all ECE networks. Scanning software will attempt to connect to each ECE IP address to see if it’s active, and if it is, it will try to determine what ports and services are open. From that point, the scanners will try to determine details about the applications (e.g., services, daemons) using those ports.

The two scan sources are

1. SFU, initiated by BC.NET/UBC Network Management Centre – this gives us an external view of the ECE environment (firewall should block most hits)

2. UBC, initiated by the UBC Network Management Centre, with the source IP allowed past the ECE firewall – this will give the scanner full access to ECE networks, and will gather results for devices and services that may not be exposed to the public

Each source scans two scopes: one for all ECE VLANs, and the other for dedicated server VLANs. The scans are performed at the network level, and do not perform application vulnerability scanning. The scans are not expected to adversely affect ECE IT production services (e.g., Mail, home directories, websites).

If you have additional questions, please don’t hesitate to ask the ECE IT Support Team.

Thank you for your attention.