In an effort to expedite the identification and remediation of system vulnerabilities on the Penn State network, the University deployed a vulnerability scan manager/aggregator/analyzer called SecurityCenter. Console access is given to select IT staff, allowing them to manage and analyze vulnerability scans within their unit’s assigned IP space. Among other things, this allows them to secure hosts prior to deployment and to secure existing assets against newly identified threats. It also allows units to identify and remediate vulnerabilities prior to submitting requests for compliance scans performed by the Office of Information Security (OIS). OIS continues to be the final arbiter for all compliance scans, including AISGI, AD19, and PCI scans.
SecurityCenter is not a scanner. It manages scans across multiple Nessus vulnerability scanners and then aggregates the data for analysis. Scans are governed by asset lists (which consist of IP ranges) and repositories, which are used to store the vulnerability data collected by the scanners. In our deployment, each unit is assigned a root access list (consisting of all the IP ranges assigned to the unit by TNS) and one repository.
If your unit is not currently subscribed to the self-scanning service, you may gain access by asking your IT/network manager to submit a request via the Web Application and System Vulnerability Assessment Request Form, confirming agreement with the service MOU (https://wikispaces.psu.edu/display/vulnscan/MOU). This request should also contain a list of approved users and specify the IP ranges that your unit wishes to scan.