General structure of vulnerability-scanning effort

• goal: identify machines that can be easily compromised remotely
• semi-automated scanning for specific single vulnerabilities
• Windows: file sharing, IIS; Unix: RPC, ftpd, Kerberos; CGI
• combination of our own software and some existing free software

Some constraints

• anyone at MIT can connect any type of machine to the network
• IS (from MIT central administration) lacks universal access
• usually user's only choice is to expose machine to Internet
• connectivity shutoff can affect over 1000 innocent machines

Funding status

• IS budget for this is small (much less than 0.1 FTE)
• spring 1998 to spring 2000: some de facto DOE funding
• a lot of team-member time spent on this is not compensated

Copyright 2000, Massachusetts Institute of Technology. All rights reserved.
The term "Windows" above refers to the Microsoft® Windows® operating system. Microsoft® and Windows® are registered trademarks of Microsoft Corporation in the United States and other countries.