It is difficult to promote cyber security measures in research institutes, especially in DMZ network that allows connections from outside network. This difficulty mainly comes from two types of variety. One is the various requirements of servers operated by each research group. The other is the divergent skill level among server administrators. Unified manners rarely fit managing those servers.
One of the solutions is vulnerability management. To address the challenges, our approaches are as follows. One is to offer a simple and powerful vulnerability management service to administrators of DMZ hosts (DMZ admins). The other is flexibility and efficiency in the development process of the service.
To achieve the requirements, we designed and developed a vulnerability management portal site for DMZ admins, named DMZ User's Portal. This talk presents the design of DMZ User's Portal and the development process with a development framework, named DBPowder. Using the DMZ User's Portal, each DMZ admin can perform vulnerability scan on his/her own servers with ease. Then, each DMZ admin can grasp and manage the security by himself/herself. Also, we are developing DBPowder object-relational mapping (ORM) framework for the flexibility and efficiency in the development process of DMZ User's Portal.