Vulnerability Management Program

UCI’s Vulnerability Management Program allows you to proactively discover potential weaknesses or vulnerabilities in your host, network and web applications. Once identified, you can take steps to address these vulnerabilities before they can be taken advantage of by those with malicious intent.

Click the sections below to learn more about the vulnerability management program, the UCI Network Disconnect Procedure, how to report a vulnerability, and how OIT can help keep your systems and the network secure.

 

 

Vulnerability Management Program

UCI offers several services and tools as part of the vulnerability management program, including Tenable SecurityCenter, our campus host-based vulnerability scanning software, and HCL AppScan, our web application vulnerability tool.

Tenable SecurityCenter

The Office of Information Technology (OIT) security team runs regular campus-wide vulnerability scans using Tenable SecurityCenter. When vulnerabilities are discovered on campus systems, the appropriate groups are notified so they can take action.

Regular reporting is provided to groups on campus to keep them informed on their current vulnerability status. In addition, a self-service option is offered in SecurityCenter to run custom scans.

How do I request access to SecurityCenter?

  • Visit the Information Security Service Request Catalog to submit the “Tenable SecurityCenter Vulnerability Management Tool Access Request” form.
    Please allow up to 3 business days to process your Tenable SecurityCenter requests.

 

How do I use SecurityCenter?

 

What if I need clarification about the information provided?

 

HCL AppScan

HCL AppScan can be used to perform in-depth analysis of web applications to identify coding errors that could lead to an application being vulnerable to attack.

Scans using HCL AppScan are performed by request from the OIT Security team. Contact OIT at https://www.oit.uci.edu/help/security/ for more information.

How can I get a more in-depth assessment of my web application security vulnerabilities?

 

 

Network Disconnect Policy

Users are responsible for making sure their devices comply with the University’s Minimum Security Standards before connecting a device to the campus network. If a system is found not to have these security measures, its access to the network could be disconnected.

Within our vulnerability management tools, we have identified campus contacts for the various areas of campus. These contacts are responsible for notifying OIT if there are any changes to the designated campus contact.

Vulnerability reports are auto-generated and sent to campus contacts to keep them informed of the various vulnerabilities discovered on their assigned systems. The reports also highlight the systems of the highest importance, including those that are affected by the Network Disconnect Policy.

Network Disconnect Scenarios 

Network disconnect scenarios are a combination of the following factors:

  • Vulnerability Severity – Quantifies the risk and urgency of a vulnerability.
  • Exploitable – Whether a widely known exploit is available for the vulnerability and being actively used to compromise systems.
  • Internet Exposed – Whether the service is exposed to the Internet.

Based on the severity of information security threats and the need to protect UCI assets, the following scenarios are subject to the Network Disconnect Policy:

Network Disconnect Scenario (first three columns) and Action Taken (last three columns):

| Vulnerability Severity | Exploitable | Internet Exposed | Disconnect – Prior to 12/31/2021 | Disconnect – Effective 12/31/2021 | Disconnect – Effective 3/31/2022 |
|---|---|---|---|---|---|
| Critical | Yes | Yes or No | Yes | Yes | Yes |
| Critical | Unknown | Yes | No | Yes | Yes |
| Critical | Unknown | No | No | No | Yes |
| High | Yes | Yes or No | Yes | Yes | Yes |
| High | Unknown | Yes | No | Yes | Yes |
| High | Unknown | No | No | No | Yes |

Hosts with vulnerabilities that meet the guidelines listed in the Network Disconnect Policy will be disconnected from the network per the Network Disconnect Notification Procedure if not addressed within the specified time frame. Regaining access to the network will be contingent upon providing documentation to OIT that the identified vulnerability has been addressed.

Network Disconnect Notification Procedure

Campus contacts will be notified of systems that do not meet the security measures before network access is suspended, allowing time to address the identified issues.

When an automated vulnerability report is received from SecurityCenter, the following Network Disconnect Notification Procedure applies:

  1. First Notification from OIT (After discovered date)
  2. Second Notification from OIT (After 1 week)
  3. Third Notification from OIT (After 2 weeks)
  4. Final Notification from OIT / Network Disconnect (After 3 weeks)

Verification and Network Restoration Procedure

Use the OIT Blocked List tool to look up a system by MAC address to see whether and why a host was blocked. To regain access to the network, contact OIT to verify that the vulnerability is being addressed. Once verified, OIT will restore network access within 24 hours.

 

Report a Vulnerability

If you identify a vulnerability in a UCI-managed domain that is not already listed on the vulnerability report, send an email to security@uci.edu.

 

How Can OIT Help?

Does OIT provide assistance for keeping systems patched?

  • OIT provides Computing Support Coordinators access to a patching tool. Please contact OIT at https://www.oit.uci.edu/help/ for more information.

Can I get help with addressing vulnerabilities on my systems?

  • Based on priority and the type of vulnerability, OIT Security staff can provide temporary technical support with remediating system vulnerabilities. Please contact OIT at https://www.oit.uci.edu/help/security/ for more information.

 

Relevant Campus Policies 

More information on the relevant campus policies can be found here: