1. Abstract
Network scanning is frequently used in attempts to penetrate information resource security. To further responsible computing, these guidelines restrict network scanning activity except in limited circumstances.
2. Definitions
2.1 Network Scanning is the process of transmitting data through a network to elicit responses in order to determine configuration state about an information system.
2.2 Network Vulnerability Scanning is the conduct of network scanning of an information system to determine the presence of security vulnerabilities in the information system.
3. Guidelines
3.1 The Computing and Information Services (CIS) Network Group will, from time to time, conduct network scans and network vulnerability scans of devices attached to the Texas A&M University network. Information gathered will be used for network management, including notifying owners of vulnerabilities, determining incorrectly configured systems, validating firewall access requests, and gathering network census data.
3.2 Except as provided in 3.1, no network scans or network vulnerability scans may be conducted except by the owner of the information resource being scanned. In no case may network scanning traffic transit a router maintained by the CIS Network Group.
3.3 Except as provided in 3.1, network scans and network vulnerability scans may only be conducted by University employees designated by the organizational unit head responsible for the information resource. Network scans and network vulnerability scans may not be conducted by student systems in the Resident Halls.
3.4 Other exceptions to these guidelines may be authorized only by Director, CIS, or designee.