Versions Compared

Old Version 8

changes.mady.by.user user-4c7ff

Saved on

compared with

New Version 9

changes.mady.by.user user-4c7ff

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Check the “Vulnerability scan schedule” to see what’s on the list for the current month

  2. Copy all the links listed for that month



  3. In the code, comment out any automatic emails so they won’t get sent.

  4. Check the .htaccess file to make sure that the itsoscan security office can access the sites.
    Remove the #(hashtag) in the “require shib-attr uid itsoscan” line to allow them to scan with Duo disabled.



  5. To scan the Intranet you will need to remove the comment out commands, circled in yellow below, from the command on line 24 circled in red below.
  7. TURN OFF DEBUGGING on the test servers to be scanned.

  8. Send an email to security-services@cornell.edu requesting a scan.

    Please run a security scan on our test sites https://testspi.aad.cornell.edu/ and https://testconnect.aad.cornell.edu/ at your earliest convenience. We have prepared for it by confirming that “itsoscan” has permission, turning off notifications and disabling the automated emails.

  9. Check the reports that come back for any issues more than low-level risk

  10. When any issues are dealt with save the zipped scan reports in Cornell Box,  aad-wsux, Security Scans folder. This folder should be locked down to aad-wsux team and Lisa Stensland (aad IT security contact).

...