UH Server Registration Program
As directed by the senior administration of the University of Hawaii and all campuses, UH is implementing a Systemwide Information Security Program to better protect sensitive information at UH. Some key elements of the Information Security Program include:
- required registration of servers operating on the network, including all email, web, ftp, or other file servers
- required scanning for Personally Identifiable Information (PII), which includes Social Security Numbers and credit card numbers
- ongoing scanning of servers for vulnerabilities and missing patches
- annual reporting of any repositories of sensitive information, as required by Hawaii Revised Statutes
To learn more about protecting sensitive information at UH, visit: http://www.hawaii.edu/askus/1266
Servers are inherently used to store information. Sensitive, personal information may inadvertently be placed on these servers at any time. To protect information stored on these servers, they must be scanned for vulnerabilities and sensitive information, and remediated, on a regular basis (at a minimum, annually).
Administrators of servers on any UH campus should go to http://www.hawaii.edu/its/server/registration/ to register all servers under their purview.
Annual Server Registration Requirements
- Verify and correct any information about currently registered servers
- Perform a vulnerability scan of your server
- Remediate/patch any vulnerabilities discovered
- Scan for PII
- Enter the dates scanned in your server registration record, and acknowledge the terms
Note: Servers that are not registered, scanned and remediated will not be permitted to operate on the UH Network. ITS will proactively seek out active servers throughout the UH network by performing network and vulnerability scans. ITS will attempt to provide warning before blocking unregistered active servers that are found.
2018 Server Registration must be completed by September 28, 2018
Servers are considered "completed" when all information is filled out and scan dates are between 1/1/2018 and 09/28/2018.
To scan for vulnerabilities, use the ITS OpenVAS vulnerability scanning system. This is an open-source vulnerability scanning tool that will return a fairly detailed, technical report. It can be found at: https://openvas.hawaii.edu.
An OpenVAS guide is available at https://www.hawaii.edu/askus/1772
You must remediate all critical vulnerabilities before completing your server registration.
For information about securing your servers, please visit http://hawaii.edu/infosec/sadev/
To determine whether your server contains PII, a scan using Spirion (formerly Identity Finder) or Find_SSN is required. Spirion is available for Windows and Mac. To learn more, visit http://www.hawaii.edu/askus/1297. To scan Linux or Solaris servers, use Find_SSN. To learn more about Find_SSN, visit http://www.hawaii.edu/askus/1323.
If your server contains PII, ensure that a corresponding Information Survey is filled out.
Frequently Asked Questions
A list of Frequently Asked Questions about server registration and scanning is available at: http://www.hawaii.edu/askus/1305