IMPORTANT: Vulnerability Scanning of Servers
Dear Physics Dept. Computing Reps.,

If you have network attached storage (NAS) devices or processing servers attached to the College network that are either hosted in one of the College's Data Centres (DCs) or on one of the College's campuses, please see the email below.

Please note, the intention is to check for security vulnerabilities only, and whilst compliance with this request is currently on a good-will basis, there are clear indications that those who do not allow their servers to be scanned for vulnerabilities may find their servers are banned from the College network in future. I would strongly advise you, or those in your research group responsible for managing your servers, to be proactive and get in touch with Elton. This is a college-wide exercise instigated by the most senior members of the College as there is great concern over the security of the servers they (ICT) have little visibility of.

In addition to the security vulnerability scans, ICT has plans to roll out a remote management application ("Device42") that may reduce the day-to-day monitoring type activities of servers on the network (e.g. looking for failed hardware, corrupt or full filesystems, etc.). This will be optional, but appears to be a positive step towards ICT providing more support for research group computing for those of us that have our own servers for whatever reason. More details on that once the roll out and benefits / implications become clear.

I would be grateful if this applies to your research Group (i.e. you have NAS devices, etc.) that when you reply to Elton's email below that you CC me on your reply so that I am aware of your participation/cooperation.

Any questions about the security scanning above, I would suggest directing these to Elton in the first instance.

Many thanks,
Rich

From: Sheffield, Elton <e.sheffield@imperial.ac.uk>
Sent: 13 April 2021 11:34
To: Sheffield, Elton <e.sheffield@imperial.ac.uk>
Cc: Lax, Andy J <a.lax@imperial.ac.uk>
Subject: Vulnerability Scanning of Servers

Hi

As ICT presented in the "Data centre Hosting/ICT Strategy & support" meeting on the 11th of March, as part of ICT's commitment to providing world-class services we've been looking at the footprint in our Data Centres and how we can best support the wider organisation. To that end, we are initially looking to vulnerability scan all servers within the data centre to ensure our environment is secure.

The service uses agentless technology, so we would only require a login to your servers with basic permissions (for some functionality there can be optional elevated permission). The overheads of the scanning are very low as the scans only run daily.

By scanning your servers we will be able to identify and report on any security vulnerabilities, and the reports will include details of the vulnerabilities as well as guidance regarding how you can address the vulnerabilities. This will allow you to act and rectify any security risks before they are exploited. This scanning will also highlight any missing OS or application patches so they can be applied promptly (for those interested this can also help support Cyber Essentials Plus or the DSP Toolkit submissions).

The following link will give you an overview of the Nessus scanning platform, as well as information about the permissions required.

https://docs.tenable.com/nessus/Content/NessusCredentialedChecks.htm
https://www.tenable.com/products/nessus/nessus-professional-b

For each department, we'll create a separate set of SSH keys for access to Linux servers, and for any Windows servers we'll create separate AD accounts (if you don't use the central AD service, we will need you to create a user for us). To allow us to set up these items, could you confirm the OS types you are running, and also if you have any virtualisation layers?

Regards
Elton
IT Security Incident and Event Management SME

Participants (1): Bantges, Richard J