Argonne National Laboratory Information Technology

Scavenger

In 2006, the Cyber Security Program Office at Argonne National Laboratory developed a network vulnerability and remediation application called Scavenger. Scavenger is a set of web pages and scripts that detect and track vulnerabilities on the network. The Cyber Security Program Office developed Scavenger because it needed

  • A customizable vulnerability scanner,
  • The ability to use results from open source scanning packages, such as Nessus,
  • The ability to view and modify raw scanning data, and
  • The ability to scan hosts in real time.

There are two parts to the Scavenger system:

  1. The "back end" portion of the application consists of a series of scripts that use the open source vulnerability scanner Nessus. The Scavenger scripts run every couple of minutes and poll a database to see which new hosts have come onto the network. When new hosts are found online, a list is compiled, and Nessus is used to scan each host for vulnerabilities. The results are then dumped into an open source MySQL database. If a vulnerability needs to be answered, this script also sends e-mail to the system owner to notify them of the new vulnerabilities.
  2. The "front end" of Scavenger, also known as the web interface, consists of numerous PHP scripts that give the system owner the ability to document the way the vulnerability was resolved. When the system owner first logs into the system, he or she sees a list of open or unanswered vulnerabilities. A vulnerability may be resolved by addressing the vulnerability, accepting the risk of a vulnerability, or declaring the vulnerability to be a false positive:
    • If the system owner answers a vulnerability as "Addressed," it is then removed from the list.
    • If a vulnerability is answered as "Accepted," the system owner is prompted to explain why this risk is accepted and what alternate mitigations are in place.
    • If a vulnerability is answered as "False Positive," the system owner is prompted to explain why the vulnerability is a false positive.

The system owner can also review existing answers to see who answered it, when it was answered, and how the vulnerability was marked.
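The answer workflow described above, sketched as an added example. This is not Scavenger's own code: the schema, the function names, and the use of SQLite in place of MySQL are assumptions made so the example runs offline.

```python
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema: table and column names are assumptions, not Scavenger's.
SCHEMA = """CREATE TABLE findings (
    id INTEGER PRIMARY KEY, host TEXT NOT NULL, plugin TEXT NOT NULL,
    status TEXT NOT NULL DEFAULT 'Open', answered_by TEXT, answered_at TEXT,
    explanation TEXT, mitigations TEXT)"""
# Fields the owner must supply for each answer, per the workflow described above.
REQUIRED = {"Addressed": (), "Accepted": ("explanation", "mitigations"),
            "False Positive": ("explanation",)}

def open_db():
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute(SCHEMA)
    return db

def record_finding(db, host, plugin):
    """Back end: store one scanner result as an open (unanswered) finding."""
    return db.execute("INSERT INTO findings (host, plugin) VALUES (?, ?)",
                      (host, plugin)).lastrowid

def answer(db, finding_id, owner, status, explanation="", mitigations=""):
    """Front end: record how the owner resolved a finding, with who and when."""
    if status not in REQUIRED:
        raise ValueError(f"unknown answer: {status!r}")
    supplied = {"explanation": explanation.strip(), "mitigations": mitigations.strip()}
    missing = [f for f in REQUIRED[status] if not supplied[f]]
    if missing:
        raise ValueError(f"{status} requires: {', '.join(missing)}")
    cur = db.execute(
        "UPDATE findings SET status=?, answered_by=?, answered_at=?, "
        "explanation=?, mitigations=? WHERE id=? AND status='Open'",
        (status, owner, datetime.now(timezone.utc).isoformat(),
         supplied["explanation"], supplied["mitigations"], finding_id))
    if cur.rowcount != 1:  # already answered or unknown id: keep the first answer
        raise LookupError(f"finding {finding_id} is not open")

def open_findings(db):
    """The list an owner sees at login: findings not yet answered."""
    return [r["id"] for r in db.execute(
        "SELECT id FROM findings WHERE status='Open' ORDER BY id")]

def history(db, finding_id):
    """Who answered a finding, when, and how it was marked."""
    r = db.execute("SELECT status, answered_by, answered_at FROM findings "
                   "WHERE id=?", (finding_id,)).fetchone()
    return dict(r) if r else None
```

Rejecting an "Accepted" or "False Positive" answer that lacks its justification keeps the stored record reviewable later, which is the purpose of the review view the page describes.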

Since its creation, Scavenger has been applied to more and more network communities. Initially, Scavenger was used to detect vulnerabilities on computers on Argonne's wired network. Since then, it has been extended to detect vulnerabilities on computers using Argonne's Virtual Private Network (VPN). Compromised VPN users are immediately notified and quarantined. Additionally, wireless network users are now also inspected by Scavenger immediately upon registration.
