Vulnerability scanner

The IT Services department provides the SecuScan vulnerability scanner for security checks on servers in the BTU C-S campus network. SecuScan is a front end developed in-house that currently works with OpenVAS and nikto.

SecuScan checks servers for vulnerabilities that can be exploited via the network. Local vulnerabilities (such as no updates installed, no virus scanner installed or incorrect user rights) cannot be detected.

SecuScan is intended for all administrators at BTU C-S who want to check their servers for vulnerabilities. Administrators must be authorised to use SecuScan. To do so, simply send an informal email to security(at)b-tu.de.

The use of SecuScan is voluntary. However, BTU C-S servers that are to be accessible from the Internet must be checked with SecuScan and must not have any vulnerabilities in order to be approved. The check must be repeated at least once a year.

SecuScan can be accessed via the following link: https://secuscan.rz.tu-cottbus.de

Brief instructions can be found in the wiki (https://www.b-tu.de/security/wiki/index.ph) on the SecuScan page.

Name	Purpose	Lifetime	Type	Provider
_pk_id	Used to store a few details about the user such as the unique visitor ID.	13 months	HTML	Matomo
_pk_ref	Used to store the attribution information, the referrer initially used to visit the website.	6 months	HTML	Matomo
_pk_ses	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo