In IT Services News No. 167 published in February 2014, we announced the introduction of a new Server Compliance Project to enforce compliance of all computer servers connected to the campus network to a set of security technical standards. The set of standards to be enforced are adopted from international security standards and practices. To enforce the standards, a piece of agent software will need to be installed on each networked server to carry out compliance assessment and detect security vulnerability on the server. A Compliance Management System will gather information via the agent software on the status of compliance of the server for reporting.
The agent software is currently available only for the most commonly used operating systems, namely MS Windows 2003/2008/2012, RedHat Enterprise version 5 and version 6, CentOS version 5 and version 6, HP-UX 11.x, and AIX 5/6. It covers around 60% of all the servers on the campus network. For servers running other operating systems, we will notify departments concerned once the agent software for those operating systems become available. The support information will also be available in http://www.its.hku.hk/services/infosec/servercompliance.
In the past few months, we have collected information from departments of their servers. We will start distributing agent software and installation procedures to departments in July. Afterwards, compliance reports will be generated quarterly by the Compliance Management System for departments to carry out remedial actions where necessary.
Tel: 3917 2488