UH Server Registration Program
As directed by the senior administration of the University of Hawaii and all campuses, UH is implementing a Systemwide Information Security Program to better protect sensitive information at UH. Some key elements of the Information Security Program include:
- required registration of servers operating on the network which include all email, web, ftp, or other file servers
- required scanning for Personally Identifiable Information (PII) which include Social Security Numbers and credit card numbers
- ongoing scanning of servers for vulnerabilities and missing patches
- annual reporting of any repositories of sensitive information, as required by Hawaii Revised Statutes
To learn more about protecting sensitive information at UH, visit: http://www.hawaii.edu/askus/1266
Servers are inherently used to store information. Sensitive, personal information may inadvertently be placed on these servers at any time. To protect information stored on these servers, they are required to be scanned & remediated for vulnerabilities and sensitive information on a regular basis (at a minimum, annually).
The administrator of any server on any UH campus should go to:http://www.hawaii.edu/its/server/registration/ to register all servers under your purview.
Annual Server Registration Requirements
- Verify and correct any information about currently registered servers
- Perform a vulnerability scan of your server
- Remediate/patch any vulnerabilities discovered
- Scan for PII
- Enter the dates scanned in your server registration record, and acknowledge the terms
Note: Servers that are not registered, scanned and remediated will not be permitted to operate on the UH Network. ITS will proactively seek out active servers throughout the UH network by performing nmap and OpenVAS scans. ITS will attempt to provide warning before blocking unregistered active servers that are found.
2017 Server Registration must be completed by September 15, 2017
Servers are considered "completed" when all information is filled out and scan dates are between 1/1/2017 - 09/15/2017.
To scan for vulnerabilities, use the ITS OpenVAS vulnerability scanning system. This is an open-source vulnerability scanning tool that will return a fairly detailed, technical report. It can found at:
Single Scan: http://openvas.hawaii.edu/cgi-bin/myopenvas - Will only scan the computer you are currently using, so please visit the website on the server you would like to scan.
Batch Scan: http://openvas.hawaii.edu/batchopenvas/ - Authorization required. Follow the steps on the page to obtain access. This will scan multiple IP addresses. Please limit to 10 IPs at once.
You must remediate all critical vulnerabilities before completing your server registration.
For information about securing your servers, please visit http://hawaii.edu/infosec/sadev.html
To determine if your server contains PII or not, a scan using Identity Finder or Find_SSN will be required. Identity Finder is available for Windows and Mac. To learn more, visit http://www.hawaii.edu/askus/1297. To scan Linux or Solaris servers use Find_SSN. To learn more about Find_SSN, visit http://www.hawaii.edu/askus/1323.
If your server contains PII, ensure that a corresponding Information Survey is filled out.
Frequently Asked Questions
A list of Frequently Asked Questions about server registration and scanning is available at: http://www.hawaii.edu/askus/1305