Workgroup Investigating Proactive Approach to Vulnerability Scanning

During fall 2003, the campus deployed several methods to reduce the number of computers with vulnerable Windows RPC services or related worm infections. Among the most successful approaches was an automated vulnerability scan that occurred when users authenticated themselves to secure Web-based applications or resources. In December, a workgroup was formed to assist the campus in defining specific tasks and related resources to expand the Web authentication (DistAuth) vulnerability scanning mechanism into a more proactive tool. The workgroup's findings and recommendations are expected to be complete by March 31, 2004. For additional information, please see the workgroup charge letter (http://security.ucdavis.edu/sec_projects.cfm).