IT-Security
The IT security infrastructure at UHH is structured in a complex manner due to the size of the university, the campus areas spread across the city and responsibility concerning that has to be taken into account. The cross-university security measures are coordinated and, for the most part, provided by the RRZ. These security measures are supplemented by decentralized services in the various departments of the UHH.
Technical security aspects include mechanisms that are common according to the state of the art. At UHH, various security services are provided by the RRZ. These include in particular:
- Firewall operation
- Operation of IDS
- Incident management
- Patch distribution
- Virus scanning
- Security consulting
Organizational security aspects include the creation of binding guidelines for network operation and use ("Net Policy" and its subordinate guidelines), as well as the hierarchical structuring of error and fault management by delegating (partial) responsibilities to trained employees on site in the decentralized UHH facilities.
This also includes incident handling, coordinated centrally in the RRZ and implemented decentrally, when security incidents become known through internal IDS mechanisms (blacklist management) or external reporting to appropriate UHH e-mail addresses (abuse@uni-hamburg.de).
Users can request help with security problems via a central service point (RRZ-Serviceline). In complicated cases, they are referred to specialists at the RRZ, supported by a "trouble ticket system".
In addition, security messages (WIN-SEC, WIN-SEC-SSC messages) from DFN-CERT are forwarded to decentralized IT managers or distributed within the university via e-mail distribution lists and web-based information systems.