At a Glance
Central Software
CityVoD - CSC Forum Archive
Software List on CSC Student LAN

Location and Floor Plan of the CSC Teaching Studio Areas
Opening Hours of the CSC
Systems Maintenance Schedule
List of Blocked Network Cards / IP Addresses
List of CSC Representatives
List of Departmental Network Administrators
Staff Computer Courses
CSC e-Forms
Submit CSC Work Req.
Req. for Printing
Req. for Dump / Restore
Teaching Studio Booking / Cancellation
Email Alias Application
Apply for a New Domain Name
Remove an Existing Domain Name
Modify the Hosting of an Existing Domain Name
Useful Links
IT Information for Students
IT Information for Staff
IT Information for Alumni
Got any questions, comments or suggestions? Contact the editors at
Issue 46 - December 2005
Security Assessment Service: Analyze Network Security Performance
By John Chan

You may be aware of the heightened alerts for computer security measures from recent press reports. Hackers are using all sorts of sophisticated means in order to illegally gain access to computer systems, to capture electronic ID and passwords, to steal electronic data, and/or launch denial of service attacks on a particular system. In our University, extensive services and information are now available electronically. It is thus of paramount importance that effective security measures and practice must be applied regularly, and a holistic approach to the problem must be taken, taking into consideration of all kinds of threats, both established and novel, and all the defenses, whether technical, organizational, or human. It must be emphasized that security is the responsibility of the organization as a whole, not just a single department or individual staff. It requires coordination from the whole community, and everyone must follow well defined security processes.

Risks arise from threats, vulnerabilities and their potential impact upon the organization. Security threats can come from a variety of sources - criminals, hackers and users are the obvious ones. In general, there are five kinds of threats: Improper behavior, fraud and theft of information, damage to systems and data, access control, and legal threats. To address these threats and mitigate the risks they represent to the organization, an effective and robust security program is needed.

As part of this security program, the Computing Services Centre (CSC) will proactively and periodically review and assess the CityU IT infrastructure, the security policies and processes, and the configurations of the systems and networking equipments that are connecting to our campus network, CTNET. This Security Assessment Service (the "Service") will evaluate the effectiveness of technical controls in protecting the information assets of the whole organization as well as individual departments.

The Service will comprise of an overall and complete low-level security assessment of the current technical environment, including the perimeter and internet environment and the internal network and systems in order to identify potential vulnerabilities that would allow an unauthorized attacker to gain access to the systems or otherwise cause financial or reputable damage to the University. In general, the following Security Areas will be dealt with: security documentation, physical security, IT infrastructure design, authentication, authorization, auditing, data privacy, change management, and people management. To effectively collect information on these areas, the following approaches will be taken throughout the Service:

  1. Physical site visit
  2. Infrastructure design review
  3. Network-based assessment which will include names servers/network equipment scanning and cross-network segment scanning
  4. Host-based assessment which deals with the baseline configuration of the servers
  5. Network devices assessment which deals with the baseline configuration of the routers and/or switches
  6. Wireless LAN test which includes the detection of unauthorized access points and the analysis of the encrypted key strength
  7. Web application security assessment

To minimize impact to all running systems, all data collection will be carried out using non-interruptive scanning and tests, and no software installation of agents on systems will be enforced as far as possible. Upon analysis of the data collected, the main deliverables will include a statement on the baseline of risks resulting from possible threats, and/or a listing of all the vulnerabilities discovered, and recommendations regarding the overall assessment.

To effectively manage the data being collected, the CSC will conduct the Service in stages, normally with a single department or a group of departments based on the network segments. We will announce in due course the exact schedule and your cooperation is much appreciated during the data collection stages.

Also in this issue...
Implementation of Information Services Strategic Plan 2005-2010
The Joint ERP Development Centre Project
Policy on the Registration and Use of University Domain Names
Provision of Email Service to Alumni and Former Staff
Protect Yourself Against Phishing and Identity Theft
A Brief Introduction to Microsoft Outlook


Current & Back Issues
Search Articles
Microsoft Windows10
Microsoft Windows 7
Office 365 ProPlus
Microsoft Office 2013
Microsoft Office 2010
Internet Explorer 11
Internet Explorer 9
Email Services
Confidential Email
Wireless LAN
Virtual Desktop Service (VDS)
USB Flash Drive
CityU SMS (for Department)
CityU SMS (for Staff & Student)
iPad (iOS 5.x)
Wiping a Mobile Device
Wiping Mass Storage Device
Handling Handheld Smart Devices for Service Maintenance, Recycling Use, and Disposal
Staff Account Renewal
Changing Local Administrator Password
McAfee Endpoint Security
Full Scan of Your Computer for Concealed Computer Virus
Computer Warranty Scheme Software Copyright Declaration and Compliance Observation
Technical Guides
AV Facilities User Guide
Connecting to Wireless LAN (WiFi)
VPN Connection Setup Guide BitLocker To Go User Guide
Copyright© Computing Services Centre, City University of Hong Kong. Best viewed in 1024x768 with IE. Javascript enabled. Last modified on Friday June 29 2018 .