Norwich U Pares Down Network Vulnerabilities

Norwich University has gone public with its deployment of Rapid7's NeXpose to expand network visibility. In the process, the private military college said in a statement, it eliminated 1,500 vulnerabilities in its IT infrastructure. The school uses the software to scan for and prioritize network threats, validate policy levels, and discover software vulnerabilities on its servers and operating systems.

The university's computer infrastructure includes dorm rooms outfitted with wired and wireless connections and a recently overhauled campus-wide wireless network. Within the first day of deployment, IT administrators did a scan of the entire network, which runs both Windows and Linux, and identified some 3,000 network vulnerabilities, each ranked by threat level and impact. Starting with the most critical issues, the IT staff was able to eliminate more than 1,000 of the vulnerabilities within the first month, eradicating another 500 by the close of the second.

"Our infrastructure is complex and continuing to grow," said Jeremy Wood, information security analyst. "Because of its size, we did not have complete visibility into our environment, and it was also difficult to complete manual audits of our infrastructure for the in-depth analysis we needed to manage our risk. Rapid7 provides a complete risk profile for our entire environment and then prioritizes which vulnerabilities need to be addressed immediately. We've significantly reduced our number of vulnerabilities and increased our efficiency."

The university is also using NeXpose to test its security policies and identify violations, such as guessable passwords and file permissions and to audit which accounts are available on each system.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • silhouetted human figures stand opposite a glowing digital brain, surrounded by abstract circuits and shadowy shapes

    Global Tech Execs Expect Advancements in AI to Increase Security Threats

    Forty-one percent of global tech executives in a recent NetApp survey said they believe advancements in AI will significantly increase security threats. The firm's second annual Data Complexity Report points to 2025 as "AI's make or break year."

  • network of transparent cloud icons, each containing a security symbol like a lock or shield

    Okta, OpenID Foundation Propose New Identity Security Standard

    Okta and the OpenID Foundation have announced the formation of the IPSIE Working Group — with the acronym standing for Interoperability Profiling for Secure Identity in the Enterprise — dedicated to a new identity security standard for Software-as-a-Service (SaaS) applications.

  • Two figures, one male and one female, stand beside a transparent digital interface displaying AI symbols like neural networks, code, and a shield, against a clean blue gradient background.

    Report Makes Business Case for Responsible AI

    A new report commissioned by Microsoft and published last month by research firm IDC notes that 91% of organizations use AI tech and expect more than a 24% improvement in customer experience, business resilience, sustainability, and operational efficiency due to AI in 2024.

  • man with clipboard using an instrument to take a measurement of a cloud

    Internet2 Kicks Off 2025 with a Major Cloud Scorecard Update

    The latest release on Internet2's Cloud Scorecard Finder website previews new features that include dynamic selection criteria and options to explore multiple solutions side-by-side. More updates are planned in the new year.