TU BRAUNSCHWEIG

Brief tips on IT security/information security from the Gauß-IT-Zentrum

Information security cannot be bought off the shelf. All users must actively participate.

The Gauß-IT-Zentrum has made detailed information and instructions available in a wiki. You can, and should, consult it for the details.

Golden Rules

However, a few "golden rules" should always be observed by all users, regardless of whether they are employees or students.

  1. Update! Update! Update! Always keep your software, your operating system and especially your virus scanner up to date on all your devices.
  2. If possible and useful, use different user names (e-mail addresses) for different pages.
  3. Use a different, secure password for each access (account, e-mail, ...)! With our password generator it is very easy to create one.
  4. Never click on "OK", "Next", "Yes", "Agreed" or "Accept" etc. without first reading and thinking.
  5. "Free" is often expensive: You pay with your data!
     So share your data wisely: not every online form field has to be filled in.
  6. An e-mail is like a postcard, not a letter!
  7. Pay attention to the links and attachments in every e-mail and on every website: don't just click, look first! Phishing and blackmail Trojans are all the rage!
     The more alert we are, the more sophisticated the tricks become.
     Inform yourself! (further information in the Wiki: here and here)
  8. Always activate a screensaver with password protection (e.g. Windows: "Windows" key+"L") when you leave your computer, no matter how briefly!
  9. Do not work as an "administrator", but as a normal user. Deactivate or delete all applications and services that you do not need. What is not there cannot be attacked.
  10. "Automatic" is not automatically good! Disable automatic connection to "known" WLANs - see presentation "WLAN security"
  11. Backup! Backup! Backup!
     Back up your data often and regularly in a safe place - it's your only insurance against blackmail Trojans - and against hardware failures.

Formulated differently by Heise Online: How to protect yourself (German)

Applications and services

Free web services are practical, no question. But why wander far away when the good is so close at hand?

The Gauß-IT-Zentrum offers many free services for members of the TU Braunschweig - including free support for the services of the GITZ. Some of the services are offered via the German Research Network (DFN).

You can find a complete overview of the services of the Gauß-IT-Zentrum in our service catalogue (German).

At this point we would like to introduce a few selected but important services of GITZ and DFN:

| Application | Access | Remarks |
|---|---|---|
| E-Mail, Appointments, Contacts (for employees: incl. mail archive): Groupware Communigate Pro | Access | Instructions (German) |
| Cloudstorage, online repository and file exchange: PowerFolder | Access | Instructions (German) |
| Online-Office, online document processing and collaboration: OnlyOffice | integrated in Cloudstorage | Instructions (German) |
| Coordination of appointments, polls, scheduling tool: Foodle | current version (using SSO) | DFN; Instructions in Dokuwiki (German) |
| Virus protection: Sophos | Download | Instructions (German) |
| Specialist software (only for facilities and institutes) | Rights-managed Software | Manuals (German) |
| Map of the campus | Map: Campus TU Braunschweig | TU Braunschweig |
| Land and road maps: Open Street Map | Maps | OpenStreetMap Foundation (OSMF) |
| Video conferencing, web conferences (also for external participants) | web conferencing, video conferencing | DFN |
| Backup / Restore (only for institutions and facilities) | | Instructions |

Password rules and verification

Choose secure passwords

The rules and tips for secure passwords are summarized here (German):

Extension of the password check in the interactive password service of GITZ

Check for known passwords

To mark World Password Day on 3 May 2018 (the day always falls on the first Thursday in May), the GITZ is extending the password check on its "Change Password" page.

This change does not apply to employees working in the administration domain, since the password is set there via Windows internal mechanisms and not via the web service.

In addition to the already known check for compliance with the password rules, the "Change Password" page of the GITZ https://www.tu-braunschweig.de/it/service-interaktiv/passwortaendern will, from May 3, 2018, also check whether the desired password is contained in a list of passwords that have already been hacked and become known. If this is the case, the password is considered insecure, as such password lists are also often used by hackers for new attacks.

The GITZ uses the service of the website "have I been pwned"[1] (HIBP) of the independent security researcher Troy Hunt[2], which is the most comprehensive, openly accessible collection of insecure, "leaked" passwords. The site is also used by several governments as a review body[3].

This additional test[4] makes using the services of the TU Braunschweig a little safer.

The service available online uses a sophisticated mechanism that ensures that neither the password entered nor the "hash" generated from it is ever passed on to HIBP by the GITZ[5].

If the password already appears in the list, an error message is displayed and the password is not accepted:

Error message HIBP

In this case you have to use a different password.
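
The page does not say which mechanism the GITZ service uses. As an added illustration (not GITZ code), the Python below shows the range-lookup model that HIBP's Pwned Passwords service offers: only the first five hex characters of the SHA-1 hash leave the checking server, and the comparison of the remaining 35 characters happens locally. `FakeRangeService` and `SAMPLE_LEAK` are constructed stand-ins, so the example runs offline.

```python
import hashlib

# Constructed sample "leak" with made-up counts; stands in for the remote data set.
SAMPLE_LEAK = {"password": 3, "123456": 5, "qwertz": 2}


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, the form used in the range responses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class FakeRangeService:
    """Offline stand-in for a range endpoint; records what the client sent."""

    def __init__(self, leak):
        self.table = {sha1_hex(p): n for p, n in leak.items()}
        self.seen = []  # every value that "left" the password service

    def __call__(self, prefix: str) -> str:
        self.seen.append(prefix)
        lines = [f"{h[5:]}:{n}" for h, n in sorted(self.table.items())
                 if h.startswith(prefix)]
        lines.append("0" * 35 + ":0")  # padding-style entry with count 0
        return "\r\n".join(lines)      # responses are CRLF-separated


def pwned_count(password: str, fetch_range) -> int:
    """Return how often the password appears in the list, 0 if absent."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only `prefix` is handed to the remote side; the suffix stays local.
    for line in fetch_range(prefix).splitlines():
        cand, _, count = line.strip().partition(":")
        if cand.upper() == suffix and count.isdigit():
            return int(count)
    return 0


def accept_new_password(password: str, fetch_range) -> bool:
    """Reject any password with a non-zero count (the error case above)."""
    return pwned_count(password, fetch_range) == 0
```

In a real deployment `fetch_range` would be an HTTPS request to the range endpoint; a fully offline variant compares against a downloaded copy of the hash list instead, so nothing is sent at all.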


In a later development stage, the password check will also be extended to include a check against known dictionaries and word lists, since the use of "normal everyday words", even in slightly altered form, also represents a security risk.

[5] The "Change Password" page is of course accessible (via https) from the Internet, and the password is transmitted (securely) from the user's device to the GITZ over the Internet; however, the GITZ does not forward it any further, not even to the HIBP page.



  last changed 25.05.2018