University Wide External Vulnerability Scanning

Overview

Please Note: This page can only be viewed by hosts that are using a UBC IP address (ResNet excluded).

In order to scan for vulnerabilities in campus IT systems, UBC IT has initiated an ongoing process for external and internal IP scanning. The goal of this scanning process is to identify any security vulnerabilities.

External Scanning

Unlike the external vulnerability scanning process, previously completed by Bell, these scans will be ongoing and will be completed by UBC equipment and staff. The IP address of the scan will be coming from 206.12.15.241 and 142.231.112.27(coho.bc.net) and the scan speed will be slowed down to ensure it will not impact the network or hosts. You should not whitelist these two IP address on your firewall, but they should be whitelisted in IPS/IDS technology that block based on automated responses. External scanning tests firewall configuration as much as it looks for internet exposed vulnerabilities.

Internal Scanning

In order to scan from inside the firewall, UBC IT has initiated an internal scanning process for all UBC internal servers and systems. These scans will be ongoing and will be completed by UBC equipment and staff. The IP addresses of these scans will be coming from 142.103.198.178 and 142.103.198.186, we recommend that you whitelist these IP addresses in order for the scanners to get through the firewall. Internal scanning identifies all vulnerabilities, regardless of whether they are exposed to the internet or not.

The results of both external and internal scans will be provided to Departmental IT Administrators for review and in order to plan adequate protection against potential security breaches. The scan results will not be shared with anyone other than the corresponding system owners. To request reports for the IP addresses you manage, please fill out the request form here: https://survey.ubc.ca/s/vulnerability-scanning-report-request.


Goals

External vulnerability scanning will happen quarterly, at a minimum. Only “live” IP addresses and ports that have been identified by the nmap/masscan will be scanned. As such, out of approximately 166,000 IP addresses, less than 20,000 will be scanned. This will help limit the load across the majority of networks and systems.


Timeline

Scans will be run starting in November. Scans are expected to take between 5 and 7 weeks to complete one full cycle of the University, provided there are no interruptions or delays. Delays may arise from the announcement of new high priority vulnerabilities, which would take precedence over regular scanning activities


Support

  • UBC IT will monitor network load and traffic during these scans to watch for any issues. If you encounter a problem related to the scanning, please call the UBC IT Service Centre (ITSC) at 2-2008 or email it.security@ubc.ca.