At a Glance
 
Central Software
CityVoD - CSC Forum Archive
Software List on CSC Student LAN

Location and Floor Plan of the CSC Teaching Studio Areas
Opening Hours of the CSC
Systems Maintenance Schedule
List of Blocked Network Cards / IP Addresses
List of CSC Representatives
List of Departmental Network Administrators
Staff Computer Courses
Sitemap
 
CSC e-Forms
 
Submit CSC Work Req.
Req. for Printing
Req. for Dump / Restore
Teaching Studio Booking / Cancellation
Email Alias Application
Apply for a New Domain Name
Remove an Existing Domain Name
Modify the Hosting of an Existing Domain Name
 
Useful Links
 
OCIO Home
IT Information for Students
IT Information for Staff
IT Information for Alumni
網上中文網頁繁簡轉換
Computing Dictionary
High-Tech Dictionary
Webopedia
Web Glossary
What is?
 
Got any questions, comments or suggestions? Contact the editors at ccnetcom@cityu.edu.hk
Issue 46 - December 2005
Security Assessment Service: Analyze Network Security Performance
By John Chan

You may be aware of the heightened alerts for computer security measures from recent press reports. Hackers are using all sorts of sophisticated means in order to illegally gain access to computer systems, to capture electronic ID and passwords, to steal electronic data, and/or launch denial of service attacks on a particular system. In our University, extensive services and information are now available electronically. It is thus of paramount importance that effective security measures and practice must be applied regularly, and a holistic approach to the problem must be taken, taking into consideration of all kinds of threats, both established and novel, and all the defenses, whether technical, organizational, or human. It must be emphasized that security is the responsibility of the organization as a whole, not just a single department or individual staff. It requires coordination from the whole community, and everyone must follow well defined security processes.

Risks arise from threats, vulnerabilities and their potential impact upon the organization. Security threats can come from a variety of sources - criminals, hackers and users are the obvious ones. In general, there are five kinds of threats: Improper behavior, fraud and theft of information, damage to systems and data, access control, and legal threats. To address these threats and mitigate the risks they represent to the organization, an effective and robust security program is needed.

As part of this security program, the Computing Services Centre (CSC) will proactively and periodically review and assess the CityU IT infrastructure, the security policies and processes, and the configurations of the systems and networking equipments that are connecting to our campus network, CTNET. This Security Assessment Service (the "Service") will evaluate the effectiveness of technical controls in protecting the information assets of the whole organization as well as individual departments.

The Service will comprise of an overall and complete low-level security assessment of the current technical environment, including the perimeter and internet environment and the internal network and systems in order to identify potential vulnerabilities that would allow an unauthorized attacker to gain access to the systems or otherwise cause financial or reputable damage to the University. In general, the following Security Areas will be dealt with: security documentation, physical security, IT infrastructure design, authentication, authorization, auditing, data privacy, change management, and people management. To effectively collect information on these areas, the following approaches will be taken throughout the Service:

  1. Physical site visit
  2. Infrastructure design review
  3. Network-based assessment which will include names servers/network equipment scanning and cross-network segment scanning
  4. Host-based assessment which deals with the baseline configuration of the servers
  5. Network devices assessment which deals with the baseline configuration of the routers and/or switches
  6. Wireless LAN test which includes the detection of unauthorized access points and the analysis of the encrypted key strength
  7. Web application security assessment

To minimize impact to all running systems, all data collection will be carried out using non-interruptive scanning and tests, and no software installation of agents on systems will be enforced as far as possible. Upon analysis of the data collected, the main deliverables will include a statement on the baseline of risks resulting from possible threats, and/or a listing of all the vulnerabilities discovered, and recommendations regarding the overall assessment.

To effectively manage the data being collected, the CSC will conduct the Service in stages, normally with a single department or a group of departments based on the network segments. We will announce in due course the exact schedule and your cooperation is much appreciated during the data collection stages.

Also in this issue...
Implementation of Information Services Strategic Plan 2005-2010
The Joint ERP Development Centre Project
Policy on the Registration and Use of University Domain Names
Provision of Email Service to Alumni and Former Staff
Protect Yourself Against Phishing and Identity Theft
A Brief Introduction to Microsoft Outlook



 

Current & Back Issues
 
 
Search Articles
 
 
FAQs
 
Microsoft Windows 8.1
Microsoft Windows 7
Office 365 ProPlus
Microsoft Office 2013
Microsoft Office 2010
中文支援常見問題
Anti-spyware
Internet Explorer 11
Internet Explorer 9
Internet Explorer 8
Email Services
Confidential Email
Wireless LAN
USB Flash Drive
CityU SMS (for Department)
CityU SMS (for Staff & Student)
iPad (iOS 5.x)
Using a Mobile Device
Wiping Mass Storage Device
Staff Account Renewal
Changing Local Administrator Password
Full Scan of Your Computer for Concealed Computer Virus
Computer Warranty Scheme
 
Technical Guides
 
Guide on New Features/Changes of Microsoft Office 2010
BitLocker To Go User Guide
Guideline to Back Up your Computer and Important Files
VPN Connection Setup Guide
 
Copyright© Computing Services Centre, City University of Hong Kong. Best viewed in 1024x768 with IE. Javascript enabled. Last modified on Thursday September 28 2017 .