Scanning public-facing Internet services in order to detect security- and privacy-relevant patterns and problems is becomming well-trodden ground. Typical studies attempt Internet-scale IPv4 scans, e.g., to detect uses of outdated ciphers in uses of the Transport Layer Security (TLS) protocol. More local scans (e.g., https://eprint.iacr.org/2018/299) could however produce results that are easier to translate into mitigations, where Internet service operators (e.g. web sites, mail server administrators) take action to improve their network posture. Building infrastructure to do such scans (e.g. using zmap/zgrab) in a repeatable and extensible manner, and providing ways to extract information that may be of use to asset-holders has numerous challenges. The overall project aims to build and operate such an infrastructure tailored for Ireland, but so that it could be replicated for any similarly-sized scans. Depending on expertise and resources available, an FYP or MSc dissertation could tackle various sub-problems in this space.
School of Computer Science and Statistics