
Information Security for System Administrators & Developers


Is your server registered?

If you are running a server on the University's Network, it needs to be registered per UH Policy EP 2.214. Learn more about Server Registration at https://hawaii.edu/askus/1312.


Keeping up with Security Threats


Keep up with the latest security threats and vulnerabilities by visiting and subscribing to the US-CERT website located at https://www.us-cert.gov/.

With the growing number of security threats and vulnerabilities released daily, it's difficult to keep track of it all. Consider using professional security services to scan, monitor, and protect your critical website. Some professional services include

Security Tips for System Administrators


Here are several security tips to help system administrators:

  • Configure the server and applications to run with least privilege.
  • Update your systems with the latest security patches as soon as possible.
  • Ensure anti-virus is updated and working properly.
  • Ensure the firewall is working properly and rules are configured to only allow what is absolutely necessary.
  • Disable/uninstall unneeded services and programs.
  • Use secure protocols for remote access (e.g. SSH, RDP, VPN).
  • Enable extended/combined logging.
  • Frequently review system logs (e.g. webserver, application) for unusual activity.
  • Regularly monitor your system for strange processes, new files or folders, unusual filenames, wrong file permissions, etc.
  • Ensure development, test, and QA systems are secure.
  • Scan your system for security vulnerabilities regularly and remediate any issues.
  • If your system contains sensitive UH information, it needs to be registered with the UH Information Survey.
  • Keep up with security news and updates, especially those that apply to your systems and applications.
  • Implement rate-limiting for failed login attempts for servers (FTP, SSH, web, etc.).
  • Follow rate-limiting best practices for failed login attempts.
  • Use strong passwords for both administrator and user accounts. Read the Password Guidelines AskUs article for more information.
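
The log-review and failed-login tips above can be combined into one routine check. The following is an added example, not UH code: it scans sshd log lines for bursts of failed logins from one source address. The function name `find_bursts`, the threshold of 5 failures per minute, the year, and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog format; the addresses are
# from the reserved documentation ranges, not real hosts.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:09 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Mar  3 10:00:15 web1 sshd[2105]: Failed password for root from 198.51.100.20 port 51500 ssh2
Mar  3 10:00:20 web1 sshd[2107]: Failed password for root from 203.0.113.7 port 40125 ssh2
Mar  3 10:00:31 web1 sshd[2109]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Mar  3 10:00:40 web1 sshd[2111]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar  3 10:05:02 web1 sshd[2120]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
Mar  3 10:12:44 web1 sshd[2131]: Failed password for root from 198.51.100.20 port 51611 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_bursts(log_text, threshold=5, window=timedelta(minutes=1), year=2024):
    """Map each source IP to the time it first reached `threshold` failed
    logins within `window`. Syslog timestamps carry no year, so `year` is
    an assumed value supplied by the caller."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        stamp = " ".join(m.group(1).split())      # collapse the padded day
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        times = recent[ip]
        times.append(ts)
        while ts - times[0] > window:             # drop failures that aged out
            times.popleft()
        if len(times) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_bursts(SAMPLE_LOG).items():
        print(f"{ip}: threshold reached at {when.isoformat()}")
```

Addresses reported by a check like this are candidates for the firewall or rate-limiting rules the tips describe; the sliding window keeps slow, widely spaced failures from being flagged.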

Security Tips for Developers


Here are several security tips to help developers secure their systems from malicious code and hackers:

  • Configure applications to run with least privilege.
  • Regularly monitor your system for strange processes, new files or folders, unusual filenames, wrong file permissions, etc.
  • Ensure development, test, and QA systems are secure.
  • If your system contains sensitive UH information, it needs to be registered with the UH Information Survey.
  • Follow secure coding best practices.
  • Sanitize user input.
  • Separate Development and Live Environments.
  • Conduct regular secure code reviews.
  • Scan code for bugs and security holes with a code analyser.
  • Use strong passwords for both administrator and user accounts. Read the Password Guidelines AskUs article for more information.
