UH Server Registration Program

Annual Server Registration Requirements

All servers (such as email, web, FTP, or other file services) operating on the University of Hawaii network must be:

  • Reported in the Server Registration database
  • Continually scanned and remediated for vulnerabilities and missing patches (at a minimum, annually)
  • Scanned for PII which includes Social Security Numbers, Driver's License Numbers and/or credit card or bank account information on a regular basis (at a minimum, annually)
  • If the server does contain PII, it must be reported, as required by HRS §487N

Note: Servers that are not registered, scanned and remediated will not be permitted to operate on the UH Network. ITS will proactively seek out active servers throughout the UH network by performing network and vulnerability scans. ITS will attempt to provide warning before blocking unregistered active servers that are found.

2019 Server Registration must be completed by September 20, 2019

Servers are considered "completed" when all information is filled out and scan dates are between 1/1/2019 - 09/20/2019.

Server Registration

The Server Registration database can be accessed here: https://www.hawaii.edu/its/server/registration/.

In order to complete server registration, you will need to:

  1. Verify any information about currently registered servers
  2. Perform a vulnerability scan of your server
    • Remediate/patch any vulnerabilities discovered
  3. Scan for Personally Identifiable Information (PII)
    • If found, fill out a UH Annual Personal Information Survey
  4. Enter the dates scanned in your server registration record, and acknowledge the terms

PII Scanning:

The University of Hawaii has licensed Spirion https://www.hawaii.edu/askus/1297, a software product for Windows and Macintosh systems, to search for social security numbers, credit card numbers, birthdates, driver’s license numbers, etc. If you have a UNIX/Linux system, you will need to use another utility: Find_SSN: http://www.hawaii.edu/askus/1323. Another option is to mount the UNIX/Linux filesystem on a Window or Mac system. From there you can run Spirion, and have it scan the mounted filesystem.

If Spirion or Find_SSN detects PII: Per Hawaii State Law and UH Policy, if your server contains a repository of PII, it must be reported using the UH Annual Personal Information Survey located at: https://www.hawaii.edu/its/information/survey/. (You will be required to login with your UH username and password.)

Vulnerability Scanning:

To scan for vulnerabilities, use the ITS OpenVAS vulnerability scanning system. This is an open-source vulnerability scanning tool that will return a fairly detailed, technical report. It can be found at: https://openvas.hawaii.edu.

An OpenVAS guide is available at https://www.hawaii.edu/askus/1772.

You must remediate all critical vulnerabilities before completing your server registration. For information about securing your servers, please visit http://hawaii.edu/infosec/sadev/.

Please rate the quality of this answer: Poor Fair Okay Good Excellent
Not the answer you were looking for? Try different keyword combinations and if you still can’t find your answer, please contact us.
Article ID: 1312
Created: Tue, 28 Jun 2011 3:54pm
Modified: Mon, 19 Aug 2019 3:52pm