...

  • If notified by OIT Security about a potential vulnerability, act quickly to respond and correct the problem or work with them to think of possible mitigating controls until a fix can be produced.
  • Configure audit logging and retention at an appropriate level so that a scan will not completely wipe out recent prior log data. This matters not just for these scans but also for the inevitable time when a real hacker attempts to attack your system. Audit logging retention settings will vary depending on the system.
  • Don't panic, but treat these scans as you would any other possible attack; we will intentionally not publish the times and sources of these scans.
  • Don't specifically block the IPs of scans in a blacklist manner, because real hackers will use different IPs and methods for each attack. Instead, if you can limit access, do it in a comprehensive way, allowing only a whitelist of IPs and users that should have legitimate access.

If you have any questions or concerns, please email security@uci.edu