The 10.x networks are not visible from outside U-M, so they are a more secure placement for these devices. However, the vulnerabilities still exist and can still be exploited from within U-M networks.
If you have devices that do not need to be visible from outside the U-M networks, consider placing them on the 10.x network. Examples include printers, sensors, and especially devices with vulnerabilities that cannot be patched. Contact [email protected] if you need help accomplishing this.
Note that IA scans and reports on vulnerabilities on the 10.x networks. For devices with vulnerabilities that cannot be patched or mitigated, please document them on this webform. You only need to fill out an “exclusion” for a 10.x device once. When you do, it means:
- There is still a business case for the device being on the network.
- The device will still be part of routine vulnerability scans conducted by the IA-Vulnscan team.
- You are still responsible for the device.
- You must still monitor these vulnerabilities for changes.
- You are expected to continue to look for mitigations as technologies and products evolve.
- You can exclude the device from further mitigation work until the next scan, assuming all the previous points are still true.