Vulnerability Assessment

Northwestern IT's Information Security Office maintains and operates a Vulnerability Assessment Program to assist schools and departments in the auditing, identification, and remediation of security vulnerabilities in their own network infrastructure, related devices, and web services.

Features and Benefits

Vulnerability Assessment Composition

  • Consultation on the benefits of vulnerability assessments.
  • Initial audit of a client's network infrastructure through review of documents, configurations, network diagrams, and interviews.
  • In-depth network-based assessment of workstations, servers, devices, and the overall security of the network infrastructure
  • Coordination, collaboration, and general technical consulting before, during, and after the assessment.
  • Follow-up documentation/reports and additional consulting as needed after the assessment.
  • On an ad-hoc basis, educational presentations concerning topics relevant to vulnerability assessments such as reducing vulnerabilities and secure coding.

System Assessments

System assessments are designed for systems on the front end (laptops and desktops) and back end (servers). Scans look at operating system vulnerabilities, as well as known issues relating to software configuration, e.g., zero-day vulnerabilities, expired SSL certificates, and weak passwords.

The System Vulnerability Assessment provides:

  • Ad-hoc or scheduled scans for vulnerabilities on a school’s or department’s systems.
  • Comprehensive reports with details and solutions for each vulnerability found.
  • Multiple report formats to fit the needs of reviewers.
  • Review of any existing security scans already completed by a school or department.

Web Services Assessment

Web services assessments proactively assess websites for vulnerabilities that could allow unauthorized access to sites or systems.

The Web Services Assessment provides:

  • Ad-hoc or scheduled scans for vulnerabilities on a school’s or department’s website.
  • Review for outdated software versions and other vulnerabilities, such as Cross-Site Scripting (XSS) and SQL injection.
  • Printed report of assessment findings.
  • Review of any existing security scans already completed by a school or department.

Note: The Web Services Assessment scan can run for a prolonged period before completion, depending upon your design. The Information Security Office will work with customers to establish a mutually agreed upon window for scanning.

Available to

Cost

Vulnerability assessment services are offered at no cost to University Clients (schools and departments). While there is no charge for these assessment services, there is an expectation that the client will take appropriate action to resolve high-risk vulnerabilities in a timely manner to prevent their exploitation. The information security team can provide some technical assistance in the remediation effort.

How to Request Service

To discuss the assessment process and options, or to request an assessment, contact the Information Security Office at security@northwestern.edu.

Support Resources

Training

The Qualys Vulnerability Management Video Series is a helpful resource for those using the Qualys CMS and looking for less advanced training on the Qualys system. These videos are designed to help get you started using the Qualys Vulnerability Management Tool. For more advanced training, sign up for in-person classes or WebEx training classes, which are free to Qualys customers.

 

Last Updated: 1 March 2019
