Jnk (Diskussion | Beiträge) (Added Backup Options and 3-2-1-Rule) |
|||
(9 dazwischenliegende Versionen von 3 Benutzern werden nicht angezeigt) | |||
Zeile 12: | Zeile 12: | ||
==Background== | ==Background== | ||
− | === Why is data | + | === Why is it important to think about data security? === |
In real everyday life we protect important things (such as ID cards, keys, credentials), but also expensive objects (such as cars, or bicycles) or things that are important to us personally (such as photos, memories, diaries, letters). | In real everyday life we protect important things (such as ID cards, keys, credentials), but also expensive objects (such as cars, or bicycles) or things that are important to us personally (such as photos, memories, diaries, letters). | ||
<br> We are careful and take good care of them, take out insurances, make copies and put them elsewhere to protect ourselves from losing things, getting them damaged or stolen, falling for fraud (like grand-child fraud, fake officials) or our own clumsiness. In the digital world, the protection of digital data is divided into '''protection goals and associated threats''', against which we should protect ourselves. | <br> We are careful and take good care of them, take out insurances, make copies and put them elsewhere to protect ourselves from losing things, getting them damaged or stolen, falling for fraud (like grand-child fraud, fake officials) or our own clumsiness. In the digital world, the protection of digital data is divided into '''protection goals and associated threats''', against which we should protect ourselves. | ||
Zeile 26: | Zeile 26: | ||
'''Only making a security copy of your data on a regular basis protects you from all these scenarios.''' The technical term for this is a backup. | '''Only making a security copy of your data on a regular basis protects you from all these scenarios.''' The technical term for this is a backup. | ||
<br /> | <br /> | ||
− | For private data you should make private copies on a regular basis. Information on this can be found, for example, | + | For private data you should make private copies on a regular basis. Information on this can be found, for example, on the Website of the Bundesamt für Sicherheit in der Informationstechnik: |
+ | * https://www.bsi.bund.de | ||
Your university data is stored in the network storage, in the university applications (mail systems of the university, PANDA, PAUL) in a protected way, as the data backup of the university is in effect here. <br /> | Your university data is stored in the network storage, in the university applications (mail systems of the university, PANDA, PAUL) in a protected way, as the data backup of the university is in effect here. <br /> | ||
− | Critical from a university point of view are your university data on your mobile devices and in cloud environments not released by the university. '''Therefore, make regular copies to a network storage or do not use local storage at all.''' For Windows and | + | Critical from a university point of view are your university data on your mobile devices and in cloud environments not released by the university. '''Therefore, make regular copies to a network storage or do not use local storage at all.''' For Windows and macOS users there are also automatic synchronisation options. |
+ | <br> | ||
+ | |||
+ | The ZIM offers a central service [[Datensicherung]] for Paderborn University. Alternatively, you can use the data backup options available in [[Datensicherung_Backup_mit_Microsoft_Software_unter_Windows| Windows]] or [https://support.apple.com/de-de/104984 macOS]. | ||
+ | <br /> | ||
+ | |||
+ | <bootstrap_alert colour=info> | ||
+ | <span style=‘font-size:30px;’>🛈</span> | ||
+ | <br> | ||
+ | When designing your data backup concept, you can use the 3-2-1 strategy as a guide: | ||
+ | * 3 copies of the data | ||
+ | * 2 storage technologies | ||
+ | * 1 external storage | ||
+ | </bootstrap_alert> | ||
+ | |||
<br /> | <br /> | ||
In addition to backing up your data, you reduce the risk of loss due to third-party maliciousness if you | In addition to backing up your data, you reduce the risk of loss due to third-party maliciousness if you | ||
Zeile 40: | Zeile 55: | ||
===Security of Confidential Data=== | ===Security of Confidential Data=== | ||
− | |||
Another threat in the digital world is the disclosure of '''confidential information'’'. This means that information that should only be accessible to a certain group of people can also be read by others. For example, we regularly read about credit card information or email addresses that have been stolen. | Another threat in the digital world is the disclosure of '''confidential information'’'. This means that information that should only be accessible to a certain group of people can also be read by others. For example, we regularly read about credit card information or email addresses that have been stolen. | ||
<br /> | <br /> | ||
Zeile 49: | Zeile 63: | ||
To protect confidentiality, authorisation concepts (differentiation of users and groups and their respective rights) and encryption procedures are generally used. For example, in current smartphones and tablets, all data is already stored completely encrypted, so that if the device is lost or attacked, other people cannot simply read the stored data. But you can also encrypt your data yourself and thus protect your data from unauthorised access in the event of loss of your device, when storing it in shared storage (network storage, cloud storage such as sciebo), in storages that are administered by third parties (and who therefore basically have access to your data) or when transferring data via the '''generally non-confidential''' worldwide Internet (by email or web transfer). | To protect confidentiality, authorisation concepts (differentiation of users and groups and their respective rights) and encryption procedures are generally used. For example, in current smartphones and tablets, all data is already stored completely encrypted, so that if the device is lost or attacked, other people cannot simply read the stored data. But you can also encrypt your data yourself and thus protect your data from unauthorised access in the event of loss of your device, when storing it in shared storage (network storage, cloud storage such as sciebo), in storages that are administered by third parties (and who therefore basically have access to your data) or when transferring data via the '''generally non-confidential''' worldwide Internet (by email or web transfer). | ||
<br /> | <br /> | ||
− | ====Integrity and Authenticity==== | + | ====Integrity and Authenticity of Data==== |
− | From a security point of view, digital data is subject to further threats. It can easily be modified. This is a great advantage in the field of word processing or image processing, but raises the question of originality, changes and authorship. The technical terms used in IT security are the ''integrity'' (the correctness of data is guaranteed) and the ''authenticity'' of data (authorship is guaranteed). Some encryption technologies also ensure these objectives. | + | From a security point of view, digital data is subject to further threats. It can easily be modified. This is a great advantage in the field of word processing or image processing, but raises the question of originality, changes and authorship. The technical terms used in IT security are the ''integrity'' (the correctness of data is guaranteed) and the ''authenticity'' of data (authorship is guaranteed). Some encryption technologies like the open source program 7.zip also ensure these objectives. |
=== Summary to Protect Data during Storage === | === Summary to Protect Data during Storage === | ||
Zeile 58: | Zeile 72: | ||
* Password for the online storage has fallen into foreign hands | * Password for the online storage has fallen into foreign hands | ||
* PC infected by malware | * PC infected by malware | ||
+ | * Data transfer via internet or data storage in cloud systems | ||
<br /> | <br /> | ||
A data backup, up-to-date end devices and good passwords primarily help against data loss. Authorisation concepts and encryption of data help to prevent unauthorised individuals from reading or manipulating data unnoticed. '''Data on laptops is particularly at risk''' because access to the device by others through theft or hacking attempts always also allows access to the stored data and laptops are often not protected as well. '''Therefore, implement the above measures or ask your responsible administrator for assistance.''' | A data backup, up-to-date end devices and good passwords primarily help against data loss. Authorisation concepts and encryption of data help to prevent unauthorised individuals from reading or manipulating data unnoticed. '''Data on laptops is particularly at risk''' because access to the device by others through theft or hacking attempts always also allows access to the stored data and laptops are often not protected as well. '''Therefore, implement the above measures or ask your responsible administrator for assistance.''' | ||
Zeile 76: | Zeile 91: | ||
<br /> | <br /> | ||
=== Which methods can I use for encryption? === | === Which methods can I use for encryption? === | ||
− | The article [[ | + | The article [[Dateiverschluesselung_einsetzen/en]] explains the procedures recommended by the Information Security Team for the secure storage of data. |
Further notes | Further notes | ||
− | Please also note the information in the article [[ | + | Please also note the information in the article [[Daten_sicher_teilen/en]] on the secure transport of data over the Internet (e.g. by email). |
<br /> | <br /> | ||
+ | |||
==Loss of data== | ==Loss of data== | ||
The purpose of encryption is to protect your data from unauthorised access. However, if you lose the key to your data, you no longer have access to it. For example, if you forget the encryption password, no one might be able to help you to save your data. | The purpose of encryption is to protect your data from unauthorised access. However, if you lose the key to your data, you no longer have access to it. For example, if you forget the encryption password, no one might be able to help you to save your data. | ||
Zeile 90: | Zeile 106: | ||
* [[Datensicherung | Data backup (german)]] | * [[Datensicherung | Data backup (german)]] | ||
'''File Encryption''' | '''File Encryption''' | ||
− | * [[Using Data Encryption]] | + | * [[Dateiverschluesselung_einsetzen/en|Using Data Encryption]] |
* [[Daten_sicher_teilen/en|Sharing Data Securely]] | * [[Daten_sicher_teilen/en|Sharing Data Securely]] | ||
+ | * [[Daten_sicher_aufbewahren/en|Keeping your Data Secure]] | ||
'''Password security''' | '''Password security''' | ||
* [[Schuetzen_Sie_Ihr_Passwort/en|Protect your password]] | * [[Schuetzen_Sie_Ihr_Passwort/en|Protect your password]] | ||
Zeile 100: | Zeile 117: | ||
'''Mail Security''' | '''Mail Security''' | ||
* [[Signierte_E-Mails/en|Signed E-mails]] | * [[Signierte_E-Mails/en|Signed E-mails]] | ||
− | * [[E-Mail | + | * [[E-Mail-Zertifikate | E-Mail Certificates (S-MIME) (german)]] |
'''Viruses/Trojans''' | '''Viruses/Trojans''' | ||
− | * [[Antivirensoftware | Antivirus software installations | + | * [[Antivirensoftware | Antivirus software installations (german)]] |
+ | * [[Virenschutz_unter_Windows/en|Antivirus protection for Windows]] | ||
+ | * [[Virenschutz_unter_macOS/en|Antivirus protection for macOS]] |
Aktuelle Version vom 6. November 2024, 13:36 Uhr
If you want to keep your data safe, it may be useful to encrypt it.
This article explains why digital data should be protected and the possibilities for doing so. An overview of identity card data (digital identities and passwords), communication data (such as email, social media), data from private life (such as photos, certificates) and data from university life (such as theses, reports, exams) and the corresponding necessary technologies (equipment, software) are discussed.
Measures recommended are data backup, up-to-date terminal equipment and good passwords, authorisation concepts and encryption.
Background[Bearbeiten | Quelltext bearbeiten]
Why is it important to think about data security?[Bearbeiten | Quelltext bearbeiten]
In real everyday life we protect important things (such as ID cards, keys, credentials), but also expensive objects (such as cars, or bicycles) or things that are important to us personally (such as photos, memories, diaries, letters).
We are careful and take good care of them, take out insurances, make copies and put them elsewhere to protect ourselves from losing things, getting them damaged or stolen, falling for fraud (like grand-child fraud, fake officials) or our own clumsiness. In the digital world, the protection of digital data is divided into protection goals and associated threats, against which we should protect ourselves.
We present the most important ones regarding data storage and saving here.
Availability of data[Bearbeiten | Quelltext bearbeiten]
The availability of data refers to the fact that you can access your data reliably at any time. The most common damage scenarios here are the loss of data
- by defective or lost equipment (such as a defective laptop or USB stick or a stolen mobile phone)
- due to your own error (like accidentally deleting the wrong file or email, or another authorised person unknowingly deleting something on your computer)
- by ill-intentioned external interference (such as hacker attacks, malware, stolen passwords or identity)
- through defects or changes in software or environments used (such as updates or cloud solutions)
Only making a security copy of your data on a regular basis protects you from all these scenarios. The technical term for this is a backup.
For private data you should make private copies on a regular basis. Information on this can be found, for example, on the Website of the Bundesamt für Sicherheit in der Informationstechnik:
Your university data is stored in the network storage, in the university applications (mail systems of the university, PANDA, PAUL) in a protected way, as the data backup of the university is in effect here.
Critical from a university point of view are your university data on your mobile devices and in cloud environments not released by the university. Therefore, make regular copies to a network storage or do not use local storage at all. For Windows and macOS users there are also automatic synchronisation options.
The ZIM offers a central service Datensicherung for Paderborn University. Alternatively, you can use the data backup options available in Windows or macOS.
🛈
When designing your data backup concept, you can use the 3-2-1 strategy as a guide:
- 3 copies of the data
- 2 storage technologies
- 1 external storage
In addition to backing up your data, you reduce the risk of loss due to third-party maliciousness if you
- Keep your devices always up to date, install the necessary updates promptly,
- Use security technologies such as virus scanners,
- Protect your identity and password and
- Do not work on your device with administrator rights.
These measures also protect the academic environment and your data on the university systems. Because if your device is corrupted or your access data is known to other people, it endangers not only your personal data, but also all data and devices that can be accessed via networks from your device.
Security of Confidential Data[Bearbeiten | Quelltext bearbeiten]
Another threat in the digital world is the disclosure of confidential information'’'. This means that information that should only be accessible to a certain group of people can also be read by others. For example, we regularly read about credit card information or email addresses that have been stolen.
Confidential data in university life includes, for example, all sensitive personal data such as health data, but also survey reports, test results or even research findings that are not yet to be published. You can find a list of data that accumulates in university life and an assessment of its confidentiality in the overview about data classes and their required protection (german).
In the digital world, data can be copied quickly and sent to many people at low cost, for example by email. Unfortunately, if you do not take precautions, it can just as easily and quickly fall into the wrong hands. One possibility is to store confidential data only on a specially protected device (and store this only in a safe). However, conflicts can arise if you need to work with the data regularly, need to access the data in a group or are concerned about the availability of the data as described above.
To protect confidentiality, authorisation concepts (differentiation of users and groups and their respective rights) and encryption procedures are generally used. For example, in current smartphones and tablets, all data is already stored completely encrypted, so that if the device is lost or attacked, other people cannot simply read the stored data. But you can also encrypt your data yourself and thus protect your data from unauthorised access in the event of loss of your device, when storing it in shared storage (network storage, cloud storage such as sciebo), in storages that are administered by third parties (and who therefore basically have access to your data) or when transferring data via the generally non-confidential worldwide Internet (by email or web transfer).
Integrity and Authenticity of Data[Bearbeiten | Quelltext bearbeiten]
From a security point of view, digital data is subject to further threats. It can easily be modified. This is a great advantage in the field of word processing or image processing, but raises the question of originality, changes and authorship. The technical terms used in IT security are the integrity (the correctness of data is guaranteed) and the authenticity of data (authorship is guaranteed). Some encryption technologies like the open source program 7.zip also ensure these objectives.
Summary to Protect Data during Storage[Bearbeiten | Quelltext bearbeiten]
Data is at risk in a variety of ways
- USB stick or external hard disk lost
- Laptop stolen
- Password for the online storage has fallen into foreign hands
- PC infected by malware
- Data transfer via internet or data storage in cloud systems
A data backup, up-to-date end devices and good passwords primarily help against data loss. Authorisation concepts and encryption of data help to prevent unauthorised individuals from reading or manipulating data unnoticed. Data on laptops is particularly at risk because access to the device by others through theft or hacking attempts always also allows access to the stored data and laptops are often not protected as well. Therefore, implement the above measures or ask your responsible administrator for assistance.
What should be observed when using encryption?[Bearbeiten | Quelltext bearbeiten]
System Resources[Bearbeiten | Quelltext bearbeiten]
Encryption methods offer many advantages. However, they also require more system performance. This means that the system that encrypts and decrypts data requires a little more computing capacity and energy. A low-powered computer can therefore become slower in its daily work with encrypted data.
Passwords[Bearbeiten | Quelltext bearbeiten]
An important security factor of data encryption is the passwords used there. Passwords should always be individual and have a certain length and combination of characters. For information on passwords, refer to Protect Your Password.
Data loss due to encryption[Bearbeiten | Quelltext bearbeiten]
The purpose of encryption is to protect your data from unauthorised access. However, if you lose the key to your data, you no longer have access to it. For example, if you forget the password for encryption, as a rule no one can help you to save your data.
Safety[Bearbeiten | Quelltext bearbeiten]
No encryption method can guarantee absolute security. Various criteria, such as increasing computing power, new scientific cryptographic findings or hidden errors can also make encryption programs vulnerable to attack. Please also note the information provided by the Information Security Team at the University of Paderborn.
Which methods can I use for encryption?[Bearbeiten | Quelltext bearbeiten]
The article Using Data Encryption explains the procedures recommended by the Information Security Team for the secure storage of data.
Further notes
Please also note the information in the article Sharing Data Securely on the secure transport of data over the Internet (e.g. by email).
Loss of data[Bearbeiten | Quelltext bearbeiten]
The purpose of encryption is to protect your data from unauthorised access. However, if you lose the key to your data, you no longer have access to it. For example, if you forget the encryption password, no one might be able to help you to save your data.
Security[Bearbeiten | Quelltext bearbeiten]
No encryption method can guarantee absolute security. Due to various criteria, such as increasing computing power, new scientific cryptographic findings, or hidden errors, encryption programs can be vulnerable and thus hacked. Therefore, it is very important to always inform yourself about current encryption methods.
See also[Bearbeiten | Quelltext bearbeiten]
Working safely with your own operating system
File Encryption
Password security
Phishing
Mail Security
Viruses/Trojans