ITS Policy on Network Security Scanning

Reports of network break-ins, denial of service attacks, and other security breaches are frequently in the news. As part of the University System's stewardship of the state-wide network, ITS performs occasional security scans to identify compromised machines and machines with known vulnerabilities. Problems can then be proactively addressed.

This is not a theoretical issue. Machines within the University network have been compromised, used in denial of service attacks, as spam relays, and to compromise other machines.

Often, compromised machines have back doors installed that operate on specific ports or respond with known signatures. When one of these is detected or when ITS is made aware of its existence, a scan can quickly identify other similarly compromised machines.

Periodic unannounced scans will be done as a matter of policy for the purpose of identifying and correcting security exposures. These scans are performed by ITS from a machine called security-scanner.unet.maine.edu or a similar name so it is clear that the scan is being done by ITS and not by an attacker.

ITS will also do scans on request and provide the results to those responsible for campus or departmental networks.

10/21/09