When your task is to set up and request a Security Scan for any of the Non-WordPress sites.
Scans happen every month except November
Web Dev Schedule https://docs.google.com/spreadsheets/d/1Ol1rg1LZ6FjlFvz8ViCSg83pBb-5sShzuyxmc_Hg_oU/edit#gid=0
Vulnerability scan schedule https://docs.google.com/spreadsheets/d/1ABb68I7LHtG2fIh2CiMAMC_L45QUVfqP0bJfqkqW0NM/edit#gid=0
Security Scans archive: https://cornell.box.com/s/jeekdk83wpvrwe9daeu3aniyvlg9v70s
Copy all the links listed for that month
NEW—The email port is changed from 25 to 999 within the ColdFusion admin for each instance on Media3 servers, both test and dev.
To set them back to 25 when ready, you can log into each instance and under the server settings there is a mail option. Once you click on that, you will see the mail port listed as 999. You can update this to 25 and click submit changes. You will need to do this to the other 2 CF instances as well. You may have to check your code too. If you specify server and port in your cfmail code, that will override the settings you are doing. Please let us know if you have any questions.
Check the .htaccess file to make sure that the itsoscan security office can access the sites.
Remove the #(hashtag) in the “require shib-attr uid itsoscan” line to allow them to scan with Duo disabled.
Send an email to security-services@cornell.edu requesting a scan.
Please run a security scan on our test sites https://testspi.aad.cornell.edu/ and https://testconnect.aad.cornell.edu/ at your earliest convenience. We have prepared for it by confirming that “itsoscan” has permission, turning off notifications and disabling the automated emails.
Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.
|