Viruses, spam, phishing, passwords, spyware, ...

IT-Security

The bad news: If you work digitally, you will be attacked every day. The good news is that S(kim) already fends off most of these attacks for you. But it doesn't work entirely without your help. With this in mind, we would like to sensitise you to the topic of IT security on this page and show you step by step what you can do to prepare, what dangers you face and how these dangers work. You will also find support here in the event that you are infected. Finally, you will find further links, such as the University of Mannheim's podcast series on cybercrime.

Measures

Dangers

Removal

Other sources

Use secure passwords

Secure passwords

Your password is also 123456? Congratulations, you have made it to number 1 of the most popular passwords in Germany. This list is published annually by the Hasso Plattner Institute (HPI). Users of the passwords published there handle their access data carelessly, but other passwords are also insecure and easy for hackers to guess. Here is an overview of the requirements a secure password should meet:

  • Length - The longer the better, minimum 10 characters
  • Alphanumeric - Use a combination of letters (upper and lower case), numbers and special characters
  • Known - Do not use birth dates of people around you or pet names
  • Sequences - Do not use number sequences (12345678) or key sequences (qwertz)
  • Diverse - Use different passwords for different accesses
  • Change - If you receive a password generated by a provider (e.g. the initial password for the university user account), change this to a personalised password as quickly as possible
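The requirements above can be checked mechanically. The following Python sketch is an added example, not part of the original page or a S(kim) tool; the function names, the run threshold of 4 and the sample personal data are assumptions made for illustration.

```python
import string

MIN_LENGTH = 10   # minimum length from the list above
RUN_LIMIT = 4     # assumption: the page gives no threshold for a "sequence"
# Digit run, German QWERTZ keyboard rows and the alphabet, each also checked reversed
SEQUENCES = ["1234567890", "qwertzuiopü", "asdfghjklöä", "yxcvbnm",
             string.ascii_lowercase]


def longest_run(password):
    """Length of the longest stretch that follows one of SEQUENCES."""
    pw = password.lower()
    best = 0
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(pw)):
                n = 1
                while i + n <= len(pw) and pw[i:i + n] in s:
                    n += 1
                best = max(best, n - 1)
    return best


def check_password(password, personal=()):
    """Return the names of the rules from the list that the password breaks."""
    broken = []
    if len(password) < MIN_LENGTH:
        broken.append("length")
    # Lower case, upper case, digit and special character must all occur
    classes = (str.islower, str.isupper, str.isdigit,
               lambda c: not c.isalnum())
    if not all(any(test(c) for c in password) for test in classes):
        broken.append("alphanumeric")
    # "Known": personal terms such as birth dates or pet names
    if any(p.lower() in password.lower() for p in personal if p):
        broken.append("known")
    if longest_run(password) >= RUN_LIMIT:
        broken.append("sequences")
    return broken


if __name__ == "__main__":
    # Constructed inputs; the pet name and year are made-up personal data
    for pw, personal in [("123456", ()),
                         ("Bello2015qwertz!", ("Bello", "2015")),
                         ("DTeBe\\/auw'97+'03dM", ())]:
        print(pw, "->", check_password(pw, personal) or "ok")
```

The rules "Diverse" and "Change" concern how a password is used rather than how it is built, so they are not covered by this check.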

If you follow this advice, you will end up with a password such as "Xü*&28uakPlwk§". Extremely secure, but extremely difficult to remember. We therefore recommend the following method:

  • Work with a mnemonic phrase, for example: TBV Lemgo became German champions in 1997 and 2003
  • The first step is to shorten the sentence to its initial letters (taken here from the German wording of the sentence): DTBVLw1997u2003dM
  • That is already quite good, but it is best to shorten or replace individual components. Instead of TBV Lemgo, use "TeBeVau" and shorten the years: DTeBeVauw'97u'03dM
  • Now replace some letters with special characters that look or work similarly. For example, replace the V with the combination of \ and /, and the "and" (the u) with a +: DTeBe\/auw'97+'03dM

You have now generated a secure password. As you will probably need several passwords, it is best to work with a password manager. You can read how this works in the next section.


Your passwords in a secure place

Password manager

A password manager or password safe is a programme in which you can store your numerous passwords for various accesses and services. Some of these programmes also offer the option of generating secure passwords or storing payment data. The advantage of such a programme is that instead of having to remember lots of access data, you only have to remember the access data for the password manager.

  • Important: The password to your password safe should be extremely secure and you should change it from time to time if necessary. Because: If someone gains access to your password safe, they automatically gain access to all stored data.

We recommend using the free KeePass programme. We have provided you with instructions on this topic here:


Access to USB stick/memory

External devices

Only use external storage media (hard drives, USB sticks, etc.) to transfer data in absolutely exceptional cases. These devices are a threat to any IT environment for many reasons:

  • As these devices are often used on different end devices, they can easily become real virus slingers. Not every protection programme immediately checks inserted storage media for viruses, so end devices that are actually protected offer a broad attack surface.
  • Ever smaller USB sticks with ever larger memories can easily get lost. If the sticks are not protected, data can fall into the wrong hands.
  • Even if data is deleted from external data carriers, it leaves traces. Without further protection, deleted data can quickly be restored and thus become visible to others. Tip: Overwrite a data carrier a few more times with non-sensitive data after deleting it. This makes recovery more difficult.

Tip - If you cannot do without external data carriers, make life difficult for data thieves and encrypt the data. You can learn how to do this in the next section Encrypt hard drive.

Good to know - Instead of transferring data via hard drives or memory sticks, as a university member you can use the cloud storage "Sync&Share". Here the data is checked and any malware is not transferred. Further information on this can be found in the Sync&Share documentation.

Network storage service Sync & Share

Control of shared data

In this section, we use the example of the university's own network storage service Sync & Share to explain the controlled sharing of documents. However, the instructions for handling this data can also be applied to other network storage solutions.

Before you share data with third parties via the Sync & Share network storage service, you should be aware that you can no longer guarantee the security of the data. Even with limited authorisations (e.g. read-only authorisation), you cannot prevent the contents of the documents from being accessed by screenshots, for example.

You should therefore make use of the options offered by the respective network storage services. In the case of the Sync&Share network storage solution, you can define the following parameters for sharing:

  • Rights: Specify here whether other people can only view the shared files or also edit them.
  • Expiry: Specify here how long other people should have access to the shared files.

You can find more information on this in our manual: S(kim)-Documentation Sync&Share.


 

Secure online meetings

Increase Webex encryption

The collaboration software Cisco Webex already has a high security standard out of the box: all conversations over this platform are encrypted. As a user, you can still contribute to increasing security:

Do not use telephone dial-in: Dialling in to a meeting by telephone is possible and is perfectly fine for most meetings within the university. But in the case of particularly sensitive topics, the following applies: Dialling in by phone carries security risks. This is due less to the Cisco Webex software than to the devices used. Telephone calls can be intercepted; if in doubt, use the Webex client on your work computer.

Increase encryption: You can set the encryption level of a meeting when you create it, regardless of whether you prefer Outlook or creating it via the website. It is important that you use the option "Webex Meeting Pro - End to End Encryption" as the meeting type. Please note: This setting restricts the number of participants in some cases. Dialling in by telephone will not be possible (see above) and Linux clients are also excluded. How to access the settings:

  • Outlook: Simply create a Webex appointment as usual and display the Webex options by clicking on the cogwheel icon. Here you can change the meeting type in the scroll-down menu. Finally, click on "Update" to apply the settings.
  • Website: If you create a meeting via the website (https://th-owl.webex.com), you will be asked for the meeting type in the second scroll-down menu.

Increase encryption of the personal room: End-to-end encryption is not limited to meetings in rooms set up for this purpose (appointments); the encryption of the personal room can also be increased. To do this, go to the TH OWL Webex page (https://th-owl.webex.com). After logging in, go to the "Settings" and "Meetings" area and switch to the "Planning" area. Here you can increase the end-to-end encryption under "Meeting type".

The following functions are not available with end-to-end encryption:

  • Joining before the host
  • Moving participants to the lobby
  • Breakout rooms
  • Participation via browser or telephone dialling
  • Cloud-based recordings
  • Saving meeting data, transcripts and meeting minutes
  • Upload shared files in the meeting area at the end of Webex Meetings


 

How to back up your data

Backup

University data belongs on university servers. Therefore, do not back up your data locally, but use the university's network drives. This not only conserves the resources of your end device but also increases data security. Crashes, missing or defective end devices - regular backups are made of the university's servers. Even if a server crashes, the data can be restored from the backup servers.

 

    Software offerings of the university

    Virus-Software

    Operating systems (MS Windows, Apple macOS, etc.) and application software (MS Office, Adobe Photoshop, etc.) are often affected by programming errors, which on the one hand cause faults, but on the other hand open security gaps. These are detected by the manufacturers after some time and fixed by updates.

    Updating operating systems and software products is therefore extremely important - but not sufficient as a protective measure. The reason for this is that updates for security gaps are always delayed. Between the emergence of security gaps and their rectification by an update, there is a possibility that the gaps will be exploited. In addition, there are other dangers that can be introduced through e-mail correspondence or other applications.

    In addition to regular updates for the operating system and software, the use of anti-virus software is essential. This software recognises patterns and behaviour that indicate attacks or other dangers. These areas are isolated from the system at an early stage and the user receives appropriate feedback. Anti-virus software also requires regular updates to protect against the latest attack methods.

    Good to know: All university members' work devices with MS Windows and Apple macOS operating systems must be protected with the university's antivirus solution. It is important to know which organisational unit you belong to and who is responsible for administration:

    • Administration, IWD, S(kim) - The administrative, IWD and S(kim) tools supplied by S(kim) are equipped with anti-virus software. This software is updated by the S(kim).
    • Departments - This software is also available to the departments and the departmental workstations can also be connected to the S(kim) virus protection server for automated updates. In this case, please contact your IT contact person in the department. Further information on procurement and installation can be found in the Hardware/software/framework agreements documentation. Please first log in to this page with your user ID and password and then navigate to the "Software for employees" section.

    Get to know the methods

    Spam/Phishing

    Spam - Even though S(kim)'s email filters are already working at full speed, members of the university still receive unwanted emails. These are often "just" annoying adverts that try to draw attention to products and sell them. Topics such as gambling or pornography are also not uncommon. The aim is always the same: a large number of emails are sent to a large group of recipients in the hope that a few will "bite". After all, 1% of 6,000,000 are still 60,000 potential recipients for such offers. Spam therefore refers to large floods of emails, which can also occur repeatedly. Not every spam e-mail poses a threat; they are often obvious and annoying and can simply be deleted, even if the economic damage caused by the computing power and countermeasures required in the data centres is not negligible.

    Phishing - This form of email is often distributed via spam attacks and is much more aggressive: the email is used to make contact and to elicit an action from the addressee (you), either handing over sensitive data (e.g. university login details) or opening file attachments (PDF, PowerPoint, Word, Excel, etc.) contained in the email. These two approaches (attacks) have different characteristics:

    • Determination of access data - This method attempts to direct you to a website via a link in the e-mail, which is often a replica (sometimes good, sometimes bad) of a website you know (e.g. TH OWL webmail or other university portals). The content of the email is intended to encourage you to log in to the linked replica website with your access data. This method ("Trojan horse" metaphor) therefore obtains your access data via the replicated website and by you entering it there. You are often redirected to the real website after entering your credentials, so that the mistake is not even noticed.
    • Opening attachments - This method attempts to encourage you to open attachments contained in the email, which then execute malicious code in the background.

    Both approaches are very dangerous and require a high level of attention in everyday email work, starting with the assessment of an incoming email.

    Since many malicious emails look well made at first glance, here are a few features to help you identify them:

    • Sender - The sender claims to be a member of the university, but the sender address does not end with "@th-owl.de". Often in combination with names known at the university.
    • It's urgent - The message contains a request to act urgently: Your account will be blocked if you do not...
    • The message contains a file attachment that you should open
    • To be able to open an attached file, you should activate macros
    • Crude formulations, abstruse content: "VI€LE MILION FOR YOU - PLEASE READ THIS, MY DEAR FRIEND!!!!!!!"

    It is best not to open emails of this type at all. Simply looking at such an e-mail is not a problem; without any interaction on your part (downloading and/or opening an attachment, entering your data), an e-mail will not cause you any damage. Do not reply, do not open any attachments and do not activate any macros. It is best to simply delete the e-mail from your mailbox.

    Some of these emails contain links to websites where your data is being spied on. You can read how to recognise suspicious links in the next section Check links.


    Recognise where a link leads

    Check links

    Links are not always what they look like at first glance. The design of the link on a website or in an email is one thing, where this link actually leads to is another.

    Need an example?

    Website of TH OWL or www.th-owl.de

    Both links supposedly lead to the university's website. In reality, however, they lead to the pages of the district of Lippe. You can see where a link takes you if you hold the pointer over it for a moment. Then you will either see the destination address near the pointer or your internet browser will show you the destination in the lower left corner.

    But be careful: sites that try to steal your data can also hide behind seemingly harmless URLs. For example, fraudsters could recreate a TH OWL login page in order to steal your access data. This would certainly be poorly hidden at www.wirklauendaten.de. But at www.th-owl.de or www.owl-th.de you have to look closely to see that these links do not lead to TH OWL pages.

    Good to know: The "who section" of an Internet address is always decisive. It always consists of the last two terms before the first single slash (/). The TH OWL websites always have "th-owl.de" as the "who section". If a link takes you to the page www.th-owl.de.anmeldung.de, this is not a TH OWL page. The "who section" in this case is "anmeldung.de". You should be particularly careful if the "who section" consists of numbers, i.e. an IP address: 95.130.22.98/th-owl.de/. There is little reason for reputable providers to hide the destination behind the IP address. Do not follow such links.
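The checks described in this section, written out as a Python sketch. This is an added example, not part of the original page or a S(kim) tool; the function names, the sample e-mail body and the placeholder domain district.example are assumptions. It applies the page's two-term rule literally, which does not hold for endings such as co.uk, where the owner is identified by three terms.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "th-owl.de"   # the "who section" the page gives for TH OWL sites


def who_section(url):
    """Return (host, who_section, is_ip) using the page's last-two-terms rule."""
    if "//" not in url:
        url = "//" + url              # so "www.th-owl.de/x" parses as a host
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        return host, host, True
    except ValueError:
        return host, ".".join(host.split(".")[-2:]), False


def check_link(text, href):
    """List the warning signs from the page that apply to one link."""
    findings = []
    host, who, is_ip = who_section(href)
    if is_ip:
        findings.append("target is an IP address")
    elif who != TRUSTED:
        findings.append(f"who section is {who}")
    # Link text that looks like an address must name the same who section
    if text and " " not in text and "." in text:
        shown = who_section(text)[1]
        if shown != who:
            findings.append(f"text shows {shown}")
    return findings


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def audit(html):
    """Return (href, findings) for every link in an HTML fragment."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, check_link(text, href)) for text, href in collector.links]


# Constructed e-mail body; district.example is a placeholder domain
SAMPLE = """<a href="https://www.th-owl.de/">Website of TH OWL</a>
<a href="https://www.district.example/">www.th-owl.de</a>
<a href="http://www.th-owl.de.anmeldung.de/login">Webmail</a>
<a href="http://95.130.22.98/th-owl.de/">Login</a>"""

if __name__ == "__main__":
    for href, findings in audit(SAMPLE):
        print(href, "->", findings or "ok")
```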

    Please stop using Windows 10

    End of Life Windows 10

    Microsoft will finally discontinue support for all Windows 10 versions (Pro, Enterprise, or Education) on October 14, 2025. 
    From this date onwards, there will be no more security updates or bug fixes for this operating system. Under certain conditions, private customers can still secure updates for the Home version for another year. Information on this can be found on the heise-online website.
    If you continue to work with Windows 10 (Pro, Enterprise, or Education) after this date, your operating system will no longer be secure and will pose a significant security risk to you and the university.
    Even a single unsecure device can jeopardize the entire TH OWL—in the worst case, this could lead to IT failures or a complete shutdown of operations.

    What do you need to do?
    If you work in S(kim) or in administration, you don't need to do anything, as your devices will be updated centrally.
    If you work in the departments or institutes and are currently still using the Windows 10 operating system, please work with your administrators to take action. Check which devices are still using Windows 10 and what alternatives are available:

    • Can your device be upgraded to Windows 11?
    • Would an LTSC (Long-Term Servicing Channel) version be an alternative for a transitional period?
      • Windows 10 Enterprise LTSC 2021: Support until January 2027, security updates only, no feature updates, use only recommended to a limited extent
      • Windows 10 Enterprise LTSC 2019: Support until January 2029, based on a significantly older version of Windows 10, security updates only, no feature updates, use only recommended to a very limited extent (depending on the field of application)

    Does your special device still need to run on Windows 10?
    In this case, the device must be disconnected from the Internet or the TH OWL network. If necessary, contact your administrator.
    In addition, sharing storage devices such as USB sticks with other devices can be critical.

    Are there any license offers for Windows 11 and the alternatives from S(kim)?
    S(kim) offers the latest versions of Windows 11 Pro, Windows 11 Pro LTSC 2024, and Windows 10 LTSC 2019/2021 for download in the documentation Hardware/Software/Rahmenverträge. Please log in to this page with your user ID and password and then navigate to the “Software für Mitarbeitende” section.

    Which other Microsoft products will end support in 2025?
    Other Microsoft products will also be discontinued in 2025. An overview can be found at further EoL-products.

    Assistance in case of an incident

    Infected! What's next?

    If you have fallen into the trap and you have entered your access data or downloaded or installed an attached file, please follow the steps below:

    • Please change your password IMMEDIATELY in IDM at https://idm.th-owl.de 
    • Don't be shy, please report IMMEDIATELY to the S(kim) or your IT contact in the department that you have passed on your access data.
    • If you notice any suspicious activity, also mention this IMMEDIATELY.

    Important: Please do not be shy at this point and really inform the S(kim) or your department admin. Many colleagues will thank you for it.

    Exciting references on the topic

    Further helpful information

    Cybercrime - A podcast from the University of Mannheim

    Would you like to learn a little more about IT security in an entertaining way? The IT department at the University of Mannheim has produced a short, exciting thriller radio play. Why don't you use your journey time on your next business trip to listen to it?

    ESCAPE - The cybercrime podcast on information security

    Mobile working - A documentation on mobile working

    IT security also plays a major role for mobile working in the home office, on business trips or on campus. We have summarised the most important tips and rules of conduct for you in the "Mobile working" documentation. You can access the documentation directly via this link:

    Mobile working

    Business trips abroad - A documentation on travelling abroad

    There is a risk of becoming the target of espionage activities by foreign intelligence services, not only when travelling to China on business, but also when travelling to friendly foreign countries. This makes systematic preparation and follow-up all the more important. We have summarised the most important tips and rules of conduct for you in the documentation "Business trips abroad". You can access the documentation directly via this link:

    Business trips abroad

    Support, Assistance

    Contact us