Scanning Tools
To reduce IT security risks and supplement existing security practices, OCIS periodically conducts vulnerability scans on campus computers to search for well-known, high-risk exposures. OCIS can perform both host-based and web application scanning. You can also use our web-based service to submit basic vulnerability scans against your machines and have the scans sent back via email.
User Scanning/Self-Compliance Tools
Scan Your Own Computer with Nessus (Valid NetID Required)
Nessus is an open source vulnerability scanner used by organizations world-wide. DoIT provides a web interface to Nessus scanning software that campus can use to run basic vulnerability scans against their machines and have the scans sent back via email. The scan will inform you of the number of security holes, warnings and notes found on your computer, among other things.
Simply click on the link above, and enter the requested information. If you don’t know your IP address, and have Windows, click the lower left Start button, then Choose Run. Enter "cmd." At the C:\> prompt, enter "ipconfig" and hit enter. This will provide you with your IP address.
Watchfire AppScan (Valid NetID Required)
The Web Application Vulnerability Scan service allows administrators to scan their web servers for common vulnerabilities, e.g. cross side scripting, sql injection, etc., and have a report of any found issues sent to their email address. The scan engine used is Watchfire's AppScan with a default configuration.
Microsoft's Windows Live OneCare
Trend Micro's HouseCall
Other Scanning Information
Centralized Campus Scanning
This applies to all computers connected to the University campus network, including but not limited to those located in the residence halls, as well as remote computers accessing the UW-Madison network through WiscWorld dial-in, DoIT DSL or DoIT cable modem service.
Microsoft Baseline Security Analyzer
DoIT Scanning IPs