UW-Madison - IT - Vulnerability Scanning Policy
The Vulnerability Scanning Policy applies if you connect a computer or device of any kind and by any means to the UW-Madison network.
Background and Policy
In a campus-wide effort to reduce IT security risks and supplement existing security practices, DoIT will schedule periodic vulnerability assessments that consist of scanning campus computers for well-known high-risk exposures. In addition, DoIT may scan for vulnerabilities that are under current attack, e.g. codered, slammer worm, etc as needed.
This applies to all computers connected to the University campus network, including but not limited to those located in the residence halls as well as remote computers accessing the UW-Madison network through WiscWorld dial-in, DoIT DSL or DoIT cable modem service.
The vulnerability assessments will include selective probes of communication services, operating systems, and applications to identify high-risk system weaknesses that could be exploited by intruders to gain access to the network. The assessments will not search the content of personal electronic files on the scanned computers. In addition, the scans should not cause network outages although IT administrators may see log entries of the scans reflected in their logs.
Issued by the UW-Madison Vice Provost for Information Technology.
EnforcementThe University reserves the right to suspend access to preserve the integrity of the network.
Please address questions or comments to firstname.lastname@example.org.
ReferencesIT Policy Glossary: https://kb.wisc.edu/itpolicy/glossary
IP numbers that originate scans: https://kb.wisc.edu/vulnerability/internal/page.php?id=59054
Effective: Aug, 2007
Revised: Aug, 2007 Rev B
Reviewed: Nov, 2019
Review by: Mar, 2017
Maintained by: Office of the CIO, IT Policy
History at: https://kb.wisc.edu/itpolicy/cio-vulnerability-scanning-history
Reference at: https://kb.wisc.edu/itpolicy/cio-vulnerability-scanning-policy