IT Policies

Campus Vulnerability Scanning Policy

In a campus-wide effort to reduce IT security risks and supplement existing security practices, DoIT will schedule periodic vulnerability assessments that consist of scanning campus computers for well-known high-risk exposures. In addition, DoIT may scan for vulnerabilities that are under current attack, e.g. codered, slammer worm, etc as needed.

This applies to all computers connected to the University campus network, including but not limited to those located in the residence halls as well as remote computers accessing the UW-Madison network through WiscWorld dial-in, DoIT DSL or DoIT cable modem service.

The vulnerability assessments will include selective probes of communication services, operating systems, and applications to identify high-risk system weaknesses that could be exploited by intruders to gain access to the network. The assessments will not search the content of personal electronic files on the scanned computers. In addition, the scans should not cause network outages although IT administrators may see log entries of the scans reflected in their logs.