{"id":87880,"date":"2014-12-16T16:07:33","date_gmt":"2014-12-16T21:07:33","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?page_id=87880"},"modified":"2018-04-11T18:35:46","modified_gmt":"2018-04-11T22:35:46","slug":"vulnerability-management","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/tech\/services\/security\/server\/vulnerability-management\/","title":{"rendered":"Vulnerability Management"},"content":{"rendered":"<div class=\" bu-callout alignright\"><\/p>\n<h3><span class=\"tw icon-mapmarker\"><\/span> Quick Start<\/h3>\n<p><strong>Available to:<\/strong> Researchers, IT Professionals<\/p>\n<p><strong>Cost:<\/strong> No charge for the immediate future but as we begin to on board IT partners, additional licenses may need to be procured. <a href=\"https:\/\/www.bu.edu\/tech\/contact\/\">Contact us<\/a> for licensing information.<\/p>\n<ul>\n<li>See <a href=\"#GettingStarted\">Getting Started<\/a>, below.<\/li>\n<\/ul>\n<p><\/div>\n<p>Proper protection of your computing resources requires that you understand and actively manage vulnerabilities that may be exploited. IS&amp;T offers vulnerability scanning services to help you ensure that your systems are properly configured, up to date, and secure.<\/p>\n<p>Two types of scans are available: routinely scheduled and one-time on-demand scans.\u00a0We generally recommend that systems be routinely scanned\u00a0as new vulnerabilities are discovered every day, and a system that was secure yesterday might be at risk tomorrow.<\/p>\n<p>Vulnerabilities are also reduced by properly securing the operating system; this is often referred to as \u201cOS hardening.\u201d Guidance on how to properly secure Windows, Linux, OSX, and AIX operating systems to comply with industry best practices and state and federal laws and regulations is available in the <a href=\"http:\/\/www.bu.edu\/policies\/information-security-home\/data-protection-standards\/\">BU Data Protection Standards<\/a> and in the <a href=\"https:\/\/www.bu.edu\/tech\/about\/security-resources\/bestpractice\/\">best practice setup guides<\/a>.\u00a0 BU Information Security will also provide server-specific consulting, if needed.<\/p>\n<h2>Benefits<\/h2>\n<p>Vulnerability management helps protect University data, minimizes unplanned downtime, and mitigates the risk of accidental loss, unauthorized access, theft, or malicious destruction.<\/p>\n<p>Vulnerability scanning supports the above, maximizing productivity by helping system owners and administrators understand, prioritize, and address the vulnerabilities in their systems.<\/p>\n<h2>Key Features<\/h2>\n<ul>\n<li>Operating System Hardening Guides and Consulting Services\n<ul>\n<li>Guidelines are updated based on industry best practice, University policy, and legal guidance<\/li>\n<li>Information Security consulting is available to help ensure that the processes and documentation provided are understood and implemented correctly<\/li>\n<\/ul>\n<\/li>\n<li>Vulnerability Scanning Services and Program\n<ul>\n<li>One-time or scheduled vulnerability scans can be configured<\/li>\n<li>Optional (required for IS&amp;T) credentialed scans give you deeper and more accurate results, reducing false positives<\/li>\n<li>Scan results provide prioritization of vulnerabilities so the most critical issues can be addressed first<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>What to Expect<\/h2>\n<p>This service normally will be available 24 by 7 except for standard change windows, as described in <a href=\"\/tech\/about\/service\/change\/\">IS&amp;T\u2019s standard policies, procedures, and schedules for making changes<\/a><\/p>\n<h2>Requirements<\/h2>\n<ul>\n<li>Systems must be owned by Boston University and located on the BU network<\/li>\n<li>Credentialed scans require a dedicated account with elevated access to the system to be scanned<\/li>\n<\/ul>\n<h2>Getting Started<\/h2>\n<ul>\n<li><a href=\"http:\/\/www.bu.edu\/help\/tech\/security\/#task=scan-request\">Contact us<\/a> to schedule a vulnerability scan or to request more information<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerability management helps protect University data, minimizes unplanned downtime, and mitigates the risk of accidental loss, unauthorized access, theft, or malicious destruction&#8230;.<\/p>\n","protected":false},"author":1356,"featured_media":0,"parent":87830,"menu_order":6,"comment_status":"closed","ping_status":"closed","template":"service.php","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/87880"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/1356"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=87880"}],"version-history":[{"count":13,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/87880\/revisions"}],"predecessor-version":[{"id":113699,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/87880\/revisions\/113699"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/87830"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=87880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}