What should I do if my University Information Security Office security scan reports vulnerabilities?

After the University Information Security Office (UISO) security scan of your Indiana University computer is complete, you will receive email with the results. If the scan reports vulnerabilities for devices assigned to you, you will see these in the email message. The ITSO categorizes vulnerabilities as high, medium, and low risks, and urges you to correct high risks within 24 hours, medium risks within 48 hours, and low risks within 72 hours.

Locate the line "To view the full results, visit:". Beneath it you'll find a link to a web page that gives an in-depth analysis of your scan. On that page, read each detailed vulnerability, and fix it by following the instructions provided in the "Fix:" sections. If you don't understand the information in the message or the instructions to correct the vulnerabilities, or if you would like more information about evaluating your system in detail, send email to  itso@iu.edu .

Also in the message, beneath "You may view the results of this scan and other scans at:", you will see a link to one of the ITSO External System Scanning pages. From this page you can view information about computers you have had scanned, request scans for pre-authorized or new systems, and read the ITSO Scanning FAQ, available at:

Also see:

• How can I have my IU-networked computer scanned for security vulnerabilities?
• In Windows XP, how do I configure the firewall to allow ITSO vulnerability scanning?