Daten sicher teilen/en: Unterschied zwischen den Versionen

ZIM HilfeWiki - das Wiki
(→‎E-Mail communication: Deleted Link to BSI)
 
(9 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt)
Zeile 19: Zeile 19:
 
The University of Paderborn provides a number of services for this.
 
The University of Paderborn provides a number of services for this.
 
* Each [[Gruppenverwaltung Neue Gruppe beantragen | group]] can be given its own restricted area on the [[Netzwerkspeicher|network storage]], which can be accessed only by members of the group, if desired. You can use it as a storage area for files that you edit together in your group.
 
* Each [[Gruppenverwaltung Neue Gruppe beantragen | group]] can be given its own restricted area on the [[Netzwerkspeicher|network storage]], which can be accessed only by members of the group, if desired. You can use it as a storage area for files that you edit together in your group.
* Use of the [[Sciebo_Generelle_Informationen/en | Campus Cloud Sciebo]] can be performed in a team by using Project User Boxes whose storage capacity exceeds the standard size of 30GB. To apply for such a Project Box for your project, please contact the IMT.  
+
* Use of the [[Sciebo_Generelle_Informationen/en | Campus Cloud Sciebo]] can be performed in a team by using Project User Boxes whose storage capacity exceeds the standard size of 30GB. To apply for such a Project Box for your project, please contact the ZIM.  
 
* Another possibility for cooperative work and above all exchange is offered by [https://como.uni-paderborn.de/ Kooperations Moodle].
 
* Another possibility for cooperative work and above all exchange is offered by [https://como.uni-paderborn.de/ Kooperations Moodle].
 
<br />
 
<br />
 
==Exchange via memory areas==
 
==Exchange via memory areas==
 
If you want to share files with others selectively, you can also use sharing via memory areas. In the storage areas mentioned in this chapter, the exchange, i.e. the transport of data, is encrypted. This means that an unauthorised party cannot read your data during the exchange.
 
If you want to share files with others selectively, you can also use sharing via memory areas. In the storage areas mentioned in this chapter, the exchange, i.e. the transport of data, is encrypted. This means that an unauthorised party cannot read your data during the exchange.
However, if the data is very confidential (e.g. sensitive personal data), we recommend that you also encrypt the data before sharing. The article [[Using Data Encryption]] explains how to encrypt sensitive data.  
+
However, if the data is very confidential (e.g. sensitive personal data), we recommend that you also encrypt the data before sharing. The article [[Dateiverschluesselung_einsetzen/en]] explains how to encrypt sensitive data.  
  
 
===Sciebo===
 
===Sciebo===
Zeile 31: Zeile 31:
  
 
===Network storage===
 
===Network storage===
In the "public" directory of the IMT network storage you can store files which are then easily accessible to all persons with a university account. People without a university account can access it via an https-address.  
+
In the "public" directory of the ZIM network storage you can store files which are then easily accessible to all persons with a university account. People without a university account can access it via an https-address.  
 
For details on configuring and using the network drive, refer to [[Netzwerkspeicher]](german).
 
For details on configuring and using the network drive, refer to [[Netzwerkspeicher]](german).
  
Zeile 52: Zeile 52:
 
* The E-mail can only be read by the recipient and sender.
 
* The E-mail can only be read by the recipient and sender.
 
* Sender and recipient need an e-mail certificate.
 
* Sender and recipient need an e-mail certificate.
If you want to send confidential data by email, you must either encrypt the entire email (to do this, sender and recipient need an email certificate). Alternatively, you can encrypt only the file you want to exchange. In this case you only need to provide the recipient with the password to decrypt the file. For details on the practical use of encryption programs, refer to [[Dateiverschlüsselung einsetzen/en]].
+
If you want to send confidential data by email, you must either encrypt the entire email (to do this, sender and recipient need an email certificate). Alternatively, you can encrypt only the file you want to exchange. In this case you only need to provide the recipient with the password to decrypt the file. For details on the practical use of encryption programs, refer to [[Dateiverschluesselung einsetzen/en]].
 
<br />
 
<br />
 
On the following pages you can find out how to sign or encrypt your university e-mails (in german):  
 
On the following pages you can find out how to sign or encrypt your university e-mails (in german):  
 
* [[Signierte E-Mails]]
 
* [[Signierte E-Mails]]
* [[E-Mail-SSL-Zertifikate (S-MIME)]]  
+
* [[E-Mails verschluesseln]]
Further information on e-mail encryption can be found on the BSI website (in german): https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/Verschluesselung/EMail_Verschluesselung/email_verschluesselung_node.html
+
* [[E-Mail-Zertifikate]]  
 
<br />
 
<br />
 +
 
==Virtual Private Networks (VPN)==
 
==Virtual Private Networks (VPN)==
 
In order to access the university infrastructure from an insecure location, e.g. WLANs in hotels or restaurants or other universities, a so-called VPN connection is used. The communication between the participants of a virtual private network then runs encrypted to the services of the university. Besides the clear advantages, there are also some disadvantages.
 
In order to access the university infrastructure from an insecure location, e.g. WLANs in hotels or restaurants or other universities, a so-called VPN connection is used. The communication between the participants of a virtual private network then runs encrypted to the services of the university. Besides the clear advantages, there are also some disadvantages.
Zeile 72: Zeile 73:
 
'''The following applies to VPN access at the University of Paderborn:'''
 
'''The following applies to VPN access at the University of Paderborn:'''
 
* Use the VPN connection only when you need it (network drive, library catalogue, etc.)
 
* Use the VPN connection only when you need it (network drive, library catalogue, etc.)
* Disconnect the VPN connection for video conferences (BBB, Jitsi, Teams, Zoom, etc.)
+
* Disconnect the VPN connection for video conferences (Teams, Zoom, etc.)
 
* Disconnect the VPN connection if it is not needed
 
* Disconnect the VPN connection if it is not needed
 
<br />
 
<br />
Zeile 81: Zeile 82:
 
* [[Datensicherung | Data backup (german)]]
 
* [[Datensicherung | Data backup (german)]]
 
'''File Encryption'''
 
'''File Encryption'''
* [[Using Data Encryption]]  
+
* [[Dateiverschluesselung_einsetzen/en|Using Data Encryption]]  
 
* [[Daten_sicher_teilen/en|Sharing Data Securely]]  
 
* [[Daten_sicher_teilen/en|Sharing Data Securely]]  
 +
* [[Daten_sicher_aufbewahren/en|Keeping your Data Secure]]
 
'''Password security'''
 
'''Password security'''
 
* [[Schuetzen_Sie_Ihr_Passwort/en|Protect your password]]
 
* [[Schuetzen_Sie_Ihr_Passwort/en|Protect your password]]
Zeile 91: Zeile 93:
 
'''Mail Security'''
 
'''Mail Security'''
 
* [[Signierte_E-Mails/en|Signed E-mails]]
 
* [[Signierte_E-Mails/en|Signed E-mails]]
* [[E-Mail-SSL-Zertifikate (S-MIME) | E-mail SSL Certificates (S-MIME) (german)]]  
+
* [[E-Mail-Zertifikate | E-Mail Certificates (S-MIME) (german)]]  
 
'''Viruses/Trojans'''
 
'''Viruses/Trojans'''
 
* [[Antivirensoftware | Antivirus software installations (german)]]
 
* [[Antivirensoftware | Antivirus software installations (german)]]
 +
* [[Virenschutz_unter_Windows/en|Antivirus protection for Windows]]
 +
* [[Virenschutz_unter_macOS/en|Antivirus protection for macOS]]

Aktuelle Version vom 6. November 2024, 13:08 Uhr

Die deutsche Version finden Sie auf der Seite Daten sicher teilen

This article explains how to share data securely with other people over the Internet. It also explains VPNs, with which a remote work place can be securely connected to the university network.

Background[Bearbeiten | Quelltext bearbeiten]

It is important for Internet users to know that digital communication over the Internet happens unencrypted and in plain text. A comparable example is the postcard, which can be read by everyone in the post. This also applies in principle to the Internet. It is even easier to intercept or manipulate communication on the Internet than it might be in the postal service. So if you want to protect your data during an exchange, it is imperative to encrypt your data and / or the communication channels you use.
In the following chapters, we provide information about various ways in which data can be shared with other people via secure channels. There are basically three procedures for this:

  1. to use shared memory areas,
  2. to allow access via special storage locations via a hyperlink or
  3. to send data by e-mail.


Using shared storage solutions[Bearbeiten | Quelltext bearbeiten]

This option allows you to create a storage space that you can share with others. This option is useful when you want to exchange data repeatedly over a long period or work on it together with colleagues. Typical examples are projects or working groups or committees. The university's own services (i.e. the network storage) and Sciebo encrypt all network communication, so that the exchange is secure. The University of Paderborn provides a number of services for this.

  • Each group can be given its own restricted area on the network storage, which can be accessed only by members of the group, if desired. You can use it as a storage area for files that you edit together in your group.
  • Use of the Campus Cloud Sciebo can be performed in a team by using Project User Boxes whose storage capacity exceeds the standard size of 30GB. To apply for such a Project Box for your project, please contact the ZIM.
  • Another possibility for cooperative work and above all exchange is offered by Kooperations Moodle.


Exchange via memory areas[Bearbeiten | Quelltext bearbeiten]

If you want to share files with others selectively, you can also use sharing via memory areas. In the storage areas mentioned in this chapter, the exchange, i.e. the transport of data, is encrypted. This means that an unauthorised party cannot read your data during the exchange. However, if the data is very confidential (e.g. sensitive personal data), we recommend that you also encrypt the data before sharing. The article Using Data Encryption explains how to encrypt sensitive data.

Sciebo[Bearbeiten | Quelltext bearbeiten]

Sciebo is a non-commercial cloud storage service for research, studying and teaching, which is operated by the University of Münster for all universities in NRW. Via Sciebo, users can access files in encrypted form and synchronize files independently from their used device. To share data with others via sciebo, you create a protected link to the file and send it. Information about Sciebo can be found at: Sciebo General information

Network storage[Bearbeiten | Quelltext bearbeiten]

In the "public" directory of the ZIM network storage you can store files which are then easily accessible to all persons with a university account. People without a university account can access it via an https-address. For details on configuring and using the network drive, refer to Netzwerkspeicher(german).

GigaMove[Bearbeiten | Quelltext bearbeiten]

GigaMove is a platform for data exchange provided by the University RWTH Aachen. It offers the possibility to send large files conveniently via link and to provide them with an optional password. More information about Gigamove can be found under GigaMove.

E-Mail communication[Bearbeiten | Quelltext bearbeiten]

The exchange of data by email is simple and fast; anyone can use it anywhere in the world today. However, email communication without further measures is not a confidential means of communication and the authenticity of the sender and recipient is also not guaranteed, i.e. email addresses can easily be forged and email contents can easily be manipulated and read. The following terms must be distinguished in connection with secure e-mail:
Signed e-mails
This procedure prevents phishing mails. Signing ensures that the sender of the mail can be trusted.

  • The e-mail is signed by the sender with a certificate.
  • The recipient can see from this certificate that the e-mail really comes from the specified sender.
  • Only the sender of the mail needs a certificate


Encrypted e-mails

  • The E-mail is encrypted with a certificate.
  • The E-mail can only be read by the recipient and sender.
  • Sender and recipient need an e-mail certificate.

If you want to send confidential data by email, you must either encrypt the entire email (to do this, sender and recipient need an email certificate). Alternatively, you can encrypt only the file you want to exchange. In this case you only need to provide the recipient with the password to decrypt the file. For details on the practical use of encryption programs, refer to Using Data Encryption.
On the following pages you can find out how to sign or encrypt your university e-mails (in german):


Virtual Private Networks (VPN)[Bearbeiten | Quelltext bearbeiten]

In order to access the university infrastructure from an insecure location, e.g. WLANs in hotels or restaurants or other universities, a so-called VPN connection is used. The communication between the participants of a virtual private network then runs encrypted to the services of the university. Besides the clear advantages, there are also some disadvantages.
Advantages

  • You can use certain services that you can otherwise only use locally from the local network. At the University of Paderborn, for example, these are the network drives and the download of materials from the University Library catalogue.
  • The connection to the VPN operator is encrypted. You can thus protect your communication from being viewed and manipulated by third parties. This is helpful if you do not trust the operator of your Internet access. An example is the use of a public or unencrypted WLAN.


Disadvantages

  • The VPN operator can learn a lot about your communication if he wants to. You must therefore be able to trust your VPN provider sufficiently. Be suspicious of free VPN offers. These often earn their money with advertising.
  • Since all communication is handled by the VPN operator, your data will take a diversion which can lead to delays. For video conferences, this can lead to a significant deterioration in the connection quality.


The following applies to VPN access at the University of Paderborn:

  • Use the VPN connection only when you need it (network drive, library catalogue, etc.)
  • Disconnect the VPN connection for video conferences (Teams, Zoom, etc.)
  • Disconnect the VPN connection if it is not needed


Further information on VPN access at the University of Paderborn: VPN einrichten (german)

See also[Bearbeiten | Quelltext bearbeiten]

Working safely with your own operating system

File Encryption

Password security

Phishing

Mail Security

Viruses/Trojans


Bei Fragen oder Problemen wenden Sie sich bitte telefonisch oder per E-Mail an uns:

Tel. IT: +49 (5251) 60-5544 Tel. Medien: +49 (5251) 60-2821 E-Mail: zim@uni-paderborn.de

Das Notebook-Café ist die Benutzerberatung des ZIM - Sie finden uns in Raum I0.401

Wir sind zu folgenden Zeiten erreichbar:


Mo-Do Fr
Vor-Ort-Support 08:30 - 16:00 08:30 - 14:00
Telefonsupport 08:30 - 16:00 08:30 - 14:00


Das ZIM:Servicecenter Medien auf H1 hat aktuell zu folgenden Zeiten geöffnet:

Mo-Do Fr
08:00 - 16:00 08:00 - 14:30
Cookies helfen uns bei der Bereitstellung des ZIM HilfeWikis. Bei der Nutzung vom ZIM HilfeWiki werden die in der Datenschutzerklärung beschriebenen Cookies gespeichert.