
Vulnerability Scanning for Schools
Find security gaps before attackers do with professional vulnerability scanning and penetration testing from SchoolCare. Regular scanning is a DfE requirement and essential for maintaining Cyber Essentials certification, keeping your school's defences verified and up to date.
Our Scanning & Testing Services
External Vulnerability Scanning
Comprehensive automated assessment of all internet-facing systems including web servers, email gateways, VPN gateways, and remote access portals. Our external scans perform full port enumeration, service fingerprinting, and SSL/TLS configuration analysis, and cross-reference discovered services against the latest CVE databases. We check for common misconfigurations, default credentials, outdated software versions, and exposure to known exploit frameworks — giving you a clear picture of your attack surface as seen by potential threat actors.
Internal Vulnerability Scanning
Authenticated assessment of your internal network infrastructure, servers, and endpoints. Our internal scans use credentialed access to perform deep inspection — checking patch levels against vendor advisories, auditing group policy configurations, identifying unnecessary running services, testing for privilege escalation paths, and reviewing file share permissions. We also assess VLAN segmentation between staff, student, and management networks to ensure proper isolation.
Wireless Security Assessment
Thorough assessment of your wireless infrastructure covering encryption standards (WPA2/WPA3 Enterprise), certificate-based authentication configuration, and RADIUS server security. We perform rogue access point detection, test for evil twin attack susceptibility, review SSID segmentation between staff, student, and guest networks, and validate that wireless traffic cannot traverse network boundaries. Signal leakage beyond site boundaries and guest network isolation are also assessed.
Penetration Testing
Controlled, simulated attacks conducted by our certified security specialists following OWASP and CREST methodologies. Penetration testing goes beyond automated scanning — our testers manually attempt to exploit discovered vulnerabilities, chain attack paths together, and demonstrate real-world impact. This includes web application testing, social engineering vectors, lateral movement within the network, and attempts to access sensitive data such as student records and financial systems. You receive a detailed report with evidence, risk ratings, and prioritised remediation guidance.
Recommended Schedule
External Scanning
At least quarterly to identify new vulnerabilities as they emerge and ensure internet-facing systems remain secure.
Internal Scanning
Annual gap assessment and annual internal scanning to review internal network security.
Wireless Assessment
An initial assessment, repeated whenever any changes are implemented, to ensure network segmentation and encryption remain effective.
Full Penetration Test
Every two years, or after significant infrastructure changes, to provide the most thorough assessment of your defences.
What You Receive
Every scan produces a comprehensive report including an executive summary for SLT and governors, detailed technical findings for IT staff, a prioritised vulnerability list with risk ratings, remediation recommendations, comparison against previous scans, and DfE compliance mapping. External scans start from under £500 per quarter with bundle pricing available.
Find the Gaps Before Attackers Do
Contact SchoolCare to discuss a scanning schedule tailored to your school or trust.

