This article explains how to share data securely with other people over the Internet. It also explains VPNs, which let you connect a remote workplace securely to the university network.
Background
It is important for Internet users to know that digital communication over the Internet happens unencrypted and in plain text. A comparable example is the postcard, which can be read by anyone who handles it in the post. This also applies in principle to the Internet. It is even easier to intercept or manipulate communication on the Internet than it might be in the postal service. So if you want to protect your data during an exchange, it is imperative to encrypt your data and/or the communication channels you use.
In the following chapters, we provide information about various ways in which data can be shared with other people via secure channels. There are basically three procedures for this:
- to use shared storage areas,
- to allow access to special storage locations via a hyperlink or
- to send data by e-mail.
This option allows you to create a storage space that you can share with others. This option is useful when you want to exchange data repeatedly over a long period or work on it together with colleagues. Typical examples are projects, working groups or committees. The university's own services (i.e. the network storage) and Sciebo encrypt all network communication, so that the exchange is secure. The University of Paderborn provides a number of services for this.
- Each group can be given its own restricted area on the network storage, which can be accessed only by members of the group, if desired. You can use it as a storage area for files that you edit together in your group.
- Teams can use the campus cloud Sciebo through Project User Boxes, whose storage capacity exceeds the standard size of 30 GB. To apply for such a Project Box for your project, please contact the IMT.
- Another possibility for cooperative work and above all exchange is offered by Kooperations Moodle.
Exchange via storage areas
If you want to share files with others selectively, you can also use sharing via storage areas. In the storage areas mentioned in this chapter, the exchange, i.e. the transport of data, is encrypted. This means that an unauthorised party cannot read your data during the exchange. However, if the data is very confidential (e.g. sensitive personal data), we recommend that you also encrypt the data before sharing. The article Using Data Encryption explains how to encrypt sensitive data.
Sciebo
Sciebo is a non-commercial cloud storage service for research, studying and teaching, which is operated by the University of Münster for all universities in NRW. Via Sciebo, users can access files in encrypted form and synchronize files independently of the device they use. To share data with others via Sciebo, you create a protected link to the file and send it. Information about Sciebo can be found at: Sciebo General information
Network storage
In the "public" directory of the IMT network storage you can store files which are then easily accessible to all persons with a university account. People without a university account can access it via an HTTPS address. For details on configuring and using the network drive, refer to Netzwerkspeicher (German).
GigaMove
GigaMove is a platform for data exchange provided by RWTH Aachen University. It offers the possibility to send large files conveniently via link and to provide them with an optional password. More information about GigaMove can be found at GigaMove.
E-Mail communication
The exchange of data by email is simple and fast; anyone can use it anywhere in the world today. However, email communication without further measures is not a confidential means of communication and the authenticity of the sender and recipient is also not guaranteed, i.e. email addresses can easily be forged and email contents can easily be manipulated and read.
The following terms must be distinguished in connection with secure e-mail:
Signed e-mails
This procedure prevents phishing mails. Signing ensures that the sender of the mail can be trusted.
- The e-mail is signed by the sender with a certificate.
- The recipient can see from this certificate that the e-mail really comes from the specified sender.
- Only the sender of the mail needs a certificate.
Encrypted e-mails
- The e-mail is encrypted with a certificate.
- The e-mail can only be read by the recipient and sender.
- Sender and recipient need an e-mail certificate.
If you want to send confidential data by email, you can either encrypt the entire email (to do this, sender and recipient need an email certificate) or encrypt only the file you want to exchange. In the latter case you only need to provide the recipient with the password to decrypt the file. For details on the practical use of encryption programs, refer to Using Data Encryption.
On the following pages you can find out how to sign or encrypt your university e-mails (in German):
Further information on e-mail encryption can be found on the BSI website (in German): https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/Verschluesselung/EMail_Verschluesselung/email_verschluesselung_node.html
Virtual Private Networks (VPN)
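The difference between signed and encrypted e-mails described above, as an added example using the openssl command line (not part of the original article). It assumes three constructed, self-signed test certificates (sender, recipient, outsider) in place of real university e-mail certificates; all function and file names are made up for the illustration.

```shell
#!/bin/sh
# Added example: S/MIME signing vs. encryption with the openssl CLI.
# All identities are constructed, self-signed test certificates.
set -eu
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT

new_id() {        # new_id NAME -> $W/NAME.key and $W/NAME.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}
sign_mail() {     # sign_mail IN OUT: needs only the sender's key and certificate
    openssl smime -sign -in "$1" -signer "$W/sender.crt" \
        -inkey "$W/sender.key" -out "$2"
}
verify_mail() {   # verify_mail IN OUT: fails if content or signature was altered
    openssl smime -verify -in "$1" -CAfile "$W/sender.crt" -out "$2" 2>/dev/null
}
encrypt_mail() {  # encrypt_mail IN OUT: encrypted to recipient and sender certificates
    openssl smime -encrypt -aes256 -in "$1" -out "$2" \
        "$W/recipient.crt" "$W/sender.crt"
}
decrypt_mail() {  # decrypt_mail WHO IN OUT: needs WHO's private key
    openssl smime -decrypt -in "$2" -recip "$W/$1.crt" \
        -inkey "$W/$1.key" -out "$3" 2>/dev/null
}
same_text() {     # compare while ignoring the CRLF line endings S/MIME produces
    tr -d '\r' < "$1" | cmp -s - "$2"
}

for id in sender recipient outsider; do new_id "$id"; done
printf 'Confidential project data\n' > "$W/msg.txt"   # constructed sample message

sign_mail "$W/msg.txt" "$W/signed.eml"
verify_mail "$W/signed.eml" "$W/verified.txt" && echo "signature valid"
grep -q Confidential "$W/signed.eml" && echo "signed mail is still readable by anyone"
sed 's/Confidential/Harmless/' "$W/signed.eml" > "$W/tampered.eml"
verify_mail "$W/tampered.eml" "$W/t.txt" || echo "tampering detected"

encrypt_mail "$W/msg.txt" "$W/enc.eml"
decrypt_mail recipient "$W/enc.eml" "$W/dec.txt" && same_text "$W/dec.txt" "$W/msg.txt" \
    && echo "recipient can read"
decrypt_mail sender "$W/enc.eml" "$W/dec2.txt" && echo "sender can read"
decrypt_mail outsider "$W/enc.eml" "$W/x.txt" || echo "outsider cannot read"
```

The signed message still carries its text in the clear, so signing alone does not make an e-mail confidential; only the encrypted message hides the content from anyone without a matching private key.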
In order to access the university infrastructure from an insecure location, e.g. WLANs in hotels or restaurants or other universities, a so-called VPN connection is used. The communication between the participants of a virtual private network then runs encrypted to the services of the university. Besides the clear advantages, there are also some disadvantages.
Advantages
- You can use certain services that are otherwise only available from within the local network. At the University of Paderborn, for example, these are the network drives and the download of materials from the University Library catalogue.
- The connection to the VPN operator is encrypted. You can thus protect your communication from being viewed and manipulated by third parties. This is helpful if you do not trust the operator of your Internet access. An example is the use of a public or unencrypted WLAN.
Disadvantages
- The VPN operator can learn a lot about your communication if it wants to. You must therefore be able to trust your VPN provider sufficiently. Be suspicious of free VPN offers. These often earn their money with advertising.
- Since all communication is handled by the VPN operator, your data takes a detour, which can lead to delays. For video conferences, this can lead to a significant deterioration in the connection quality.
The following applies to VPN access at the University of Paderborn:
- Use the VPN connection only when you need it (network drive, library catalogue, etc.)
- Disconnect the VPN connection for video conferences (BBB, Jitsi, Teams, Zoom, etc.)
- Disconnect the VPN connection if it is not needed
Further information on VPN access at the University of Paderborn: VPN einrichten (German)
See also
Working safely with your own operating system
File Encryption
Password security
Phishing
Mail Security
Viruses/Trojans