The Vulnerability Scanning Cluster
| Title: | The Vulnerability Scanning Cluster (ID: EPS188) |
| Author(s): | Matthew Wirges (Purdue University) |
| Topics: | Network Vulnerability Assessment, Security Implementation, Vulnerability Scanning |
| Origin: | Community Contributions (2004) |
| Type: | Effective Practices |

Abstract:

The Security and Policy organization at Purdue University originally made vulnerability scanning services available to systems administrators in order to help them identify the weaknesses within the system they manage. This service was very rudimentary; an administrator would send a request to a security and policy analyst who would perform the scan in the evening and then e-mail the results to the administrator. These scans were performed by a single desktop workstation using the ISS Internet Scanner software. As time progressed, more and more administrators required scans to help comply with various federal and state regulations and university policies. Since vulnerability scanning software requires a significant amount of processing and network resources, this was quickly eating up large amounts of time for the analysts administering the scans.

To address this, Security and Policy initially tried to implement Scanager, a Web interface from Indiana University, for the ISS Internet Scanner. To help with this, Security and Policy teamed up with Dr. Pascal Meunier's team at CERIAS that had been investigating vulnerability scanning solutions for the CERIAS Incident Response Database (CIRDB). One of the CERIAS Web developers began work to implement Scanager and adapt it to the CIRDB. However, due to the complexity of the Scanager process, and because the mod_perl front-end to Scanager would be incompatible with the php-based CIRDB, a new solution was sought. After some research and testing, the open source vulnerability scanner Nessus was chosen as an ideal tool to perform the vulnerability scans. Its client/server design was ideal for adapting to a Web interface.

It took approximately six months for one developer to complete the first version of the software, based on a modified CIRDB core. Since that initial May 2003 release, many bugs have been fixed and several features have been added.