Campus-wide Discovery Scanning

ISO Position Paper

Position Title: Campus-wide Discovery Scanning

Position Audience: Princeton IT Professionals

Contact: Information Security Office: InfoSec@princeton.edu

Position Release Date: January 4, 2017


Problem Statement

According to the SANS Critical Security Controls, it is important to have an accurate inventory of
the assets on your network. The top three controls listed fall into this category. Currently, the
University only has a list of assets and their corresponding OS if they are part of a Princeton
managed environment through the use of two widely used tools for Windows and Mac
environments. The University currently lacks insight into systems that are not managed by these
tools. Systems that are running an OS, software or browser that is no longer supported by the
vendor pose a risk to the University and should be identified to determine if the risks associated
with running an unsupported operating system are appropriately mitigated to protect University
data.

ISO Position

The ISO will periodically scan the entire University IP address space to determine the current
state of the systems that are on the network. These scans will be performed using University
approved tools. Appropriate channels will be used to alert the University technical community
prior to the scans taking place.
Upon completion of the scan, notification will be sent to appropriate technical contacts if their
systems are found to be running an outdated OS, software or browser that poses a risk to
Princeton. Assets running unsupported components should either be removed from the network
or further protected using compensating controls.

Additional Information

The Information Security Office can assist with determining and analyzing compensating
controls. Inquiries should be directed to infosec@princeton.edu.

Data classification: Public