Tips & Information

For employees and students

Wi-Fi networks

Others will be able to see what you do on the internet and what kind of information you type in when you use open and unsecured Wi-Fi networks (networks without a required password). Don’t use networks that you don’t know or don’t trust when you’re working with confidential information such as e-mails, passwords and online banking data. Encrypt your own wireless network with WPA2-AES to prevent others from intercepting your data.

[Source: NCTV – Alert Online - www.alertonline.nl/]

Phishing

Phishing is a form of fraud using e-mail or phone calls. In these messages people are asked to share their personal or login information. LISA and the University of Twente will never ask for your account details via e-mail or phone. If someone calls you with this request, please write down their phone number and report this attempt to the Servicedesk ICT (phone #: 5577, servicedesk-ict@utwente.nl) or report directly to security@utwente.nl.

Should you receive a phishing e-mail, please forward that e-mail in full to security@utwente.nl. This applies only to phishing mails that try to gather information about accounts of the University of Twente. Other phishing mails will not be investigated.

If you accidentally replied to a request for information (by e-mail or phone), please change your password immediately and contact the Service Desk ICT (phone #: 5577).

Spam e-mail

If you receive a spam e-mail in your inbox, you can inform the administrators of the SURFnet mail filter, so that this mail will be captured by the mail filter in the future.

This can be done in two ways:

1) Send an e-mail to mailfilter-beheer@surfnet.nl and attach the spam e-mail.

Drag the spam e-mail to your desktop. Compose an e-mail to that address and attach the message from your desktop to it. Add a subject and some explanatory text, then send it.

Note: please do not forward the spam e-mail; the administrators of the SURFnet mail filter will not receive it.

2) Use the spam e-mail tag; follow the manual.

Social Engineering

Social engineering is a way to entice people to share private information or make unsafe use of their computers. A scammer will use this tactic to try to win their victims' trust by pretending to be an acquaintance or a part of a legitimate organization. Social engineering can be used to convince the victim to open, download or install files that contain malware. An example of this is handing out free USB sticks, or ‘losing’ them on purpose, to try to get people to load the files on that stick onto their computer. Social engineering will often be used to complement a phishing attempt.

If you suspect social engineering, please report this attempt to the Service Desk ICT (phone #: 5577, servicedesk-ict@utwente.nl) or report directly to security@utwente.nl.

[Source: NCTV – Alert Online - www.alertonline.nl/]

Firewalls

Firewalls (both hard- and software) create a barrier used to control which connections are being made between your computer and the internet. It is strongly advised to activate a firewall on your computer.

You can check if your computer has open ports that are vulnerable to attacks at www.ipscanner.nl. Most modern modems and operating systems have built-in firewalls. Please check the manual of your modem or operating system (Windows, Mac OS X) to activate your firewall.

[Source: NCTV – Alert Online - www.alertonline.nl/]

Antivirus software

Install an antivirus program to protect your computer, tablet or mobile device from malware. When using these programs, enable automatic updates and let the program scan your device regularly (e.g. once a week). If your antivirus software comes with a built-in firewall, enable that to control the connections that are being made between your device and the internet. Don’t forget to update these programs as soon as it’s needed. An example of good antivirus software at the moment is Hitman Pro.

[Source: NCTV – Alert Online - www.alertonline.nl/]

Software updates

Developers of operating systems, browsers and other software like Microsoft Office, Adobe Reader and Oracle Java will release regular updates to counter vulnerabilities in their software. To prevent hackers from using these vulnerabilities to access your data, search for and install software updates at least every month and enable automatic updates when possible. Internet fraud is mostly targeted at outdated software, so remember to update your operating system (Windows, Mac OS X), antivirus software and all the applications and programs that you use.

[Source: NCTV – Alert Online - www.alertonline.nl/]

Websites and downloads

You risk installing malware on your computer when you visit the wrong websites or download infected files, so please be careful of what you do on the internet and make sure your computer is well protected with a firewall and antivirus software.

Use of data carriers

Data carriers such as laptops, USB sticks, mp3 players and external HDDs often contain files you don’t want others to have access to, like personal information, photos and confidential documents. You can encrypt data carriers so others can’t access these files in the event that you lose the device.

It’s also possible that data carriers contain malware that will be transferred to your computer and spread to other systems from there. To counter this, always scan a device before you try to access the files it contains.

Securing your hardware

Remember to use quality locks on your doors and windows and to store your confidential documents in a safe place. Locks and cables can be used to secure your computer. Taking precautions can prevent or greatly reduce the damage caused by theft, fire or flooding.

[Source: NCTV – Alert Online - www.alertonline.nl/]

Back-ups

Make sure you make regular copies of important files. These copies should be made at least once a week, and perhaps even several times a day when you’re working on an important document. Back-ups can be made by burning them onto a CD or DVD, by copying them onto a USB drive or by copying them to a personal home directory on your network. Keep your back-up in a safe and locked place, and keep it away from the source files. You can use dedicated back-up software to make your copies, or you can simply use your operating system to copy the files to your back-up system of choice.

Passwords

All of your systems, files and e-mail are available through your combination of username and password. You should never share these with others. Your password should be yours only and it should not be easy to figure out. Change your password regularly, especially when you suspect someone might have seen you type in your password. Don’t use the same password for everything and don’t save passwords in your internet browser.

Strong passwords are at least ten characters long and contain numbers, upper and lower case letters and punctuation marks. Strong passwords do not contain whole words or sequences.

Account sharing

Your combination of username and password is not only used to grant you access to a system. It will also be used to trace misuse to a specific person. For this reason you should never let someone else make use of your account or let them know your login details.

Messages and files

When receiving an unexpected message with an attachment, (shortened) hyperlink or a request to log into a system, use common sense and disregard these messages, even when you know the person who sent them. Only accept a message when you expected to receive it. It is best to delete spam as soon as possible.

[Source: NCTV – Alert Online - www.alertonline.nl/]

Website certificates and URLs

Check the URL and the web certificate (the lock symbol in the address bar of your web browser) to make sure you’re not visiting a copied or unsafe website. If a website has no web certificate, don’t fill in any personal or confidential information. Bookmark websites that you use often and watch out when opening shortened URLs. These are often used on social networking sites.

[Source: NCTV – Alert Online - www.alertonline.nl/]

Pop-ups

When closing a pop-up never click on ‘agree’, ‘OK’ or ‘X’. You may accidentally install malware when doing this. Instead, use the key combination ‘Alt+F4’ (Windows). You can also install a pop-up blocker.

[Source: NCTV – Alert Online - www.alertonline.nl/]

Social networks

It’s very easy to put information online, but it can be very difficult to remove it, so think carefully about what you want to share with the world on the internet. Shield your personal networking sites and take care in choosing who you allow to access your profile and personal information. Should you share your personal information somewhere, check which organization it is, how long your data will be kept and who else will have access to your personal information. Never give out more data than absolutely necessary.

[Source: NCTV – Alert Online - www.alertonline.nl/]

Cloud services

External cloud services such as Dropbox, Google Drive and Microsoft OneDrive can be very useful, but remember that by using these services you’re giving others access to your files. Therefore, you should never save confidential or personal data with these services.

Computer use

Your computer will probably contain confidential information such as personnel files, dissertations, project documents and personal files and photos. It will only take someone a minute to copy, delete or modify these files. For this reason you should always lock your computer or laptop when you leave your seat or work station. Also, don’t forget to shut down your computer when you leave work.

[Source: NCTV – Alert Online - www.alertonline.nl/]

Reporting ICT vulnerabilities

Here at the University of Twente we consider the security of our systems of the utmost importance. However, it’s always possible that one of our systems contains a vulnerability. Should you find such a vulnerability in one of our ICT systems, we would greatly appreciate your report on this. We would like to work together to better protect our users and our systems.

You can send your report to responsible-disclosure@utwente.nl. If this report contains sensitive or confidential data that you wish to encrypt, please mention this in your e-mail. We will send you an address to which you can send your PGP encrypted e-mail.

Quarantainenet

If a system within the UT network is being misused to, for example, send out spam or attack other networks, this system may be put into quarantine. The ICT Service Centre will then start an investigation as to the cause of this misuse. If your system is put into quarantine, please contact the Servicedesk ICT (phone #: 5577, servicedesk-ict@utwente.nl) for more information.

Maintenance and failures

Our ICT Service Centre maintains a calendar with current and planned downtime of services. Malfunctions will also be displayed on this page. When unable to reach a system or service, please follow this link for more information: http://www.utwente.nl/lisa/en/maintenancefailure/.

For employees

Codes of conduct ICT

The University of Twente has set up a code of conduct ICT for employees. See the following link for more information:

http://www.utwente.nl/hr/en/terms-of-employment/cao-regulations-codes-conduct/codes-conduct/code-of-conduct-itc-internet/

Code of conduct for employees with an ICT function

The University of Twente has set up a code of conduct ICT for employees with an ICT function. See the following link for more information (Dutch only):

http://www.utwente.nl/sb/uim/informatiebeveiliging/Gedragscode_ICT-functionarissen.pdf

Information security policy

The information security policy can be found here (Dutch only):

http://www.utwente.nl/sb/uim/informatiebeveiliging/informatiebeveilingsbeleid_ut.pdf

For Students

Codes of conduct ICT

The University of Twente has set up a code of conduct ICT for students. See the following link for more information:

http://www.utwente.nl/sb/en/policy/information_management/Gedragscode%20e-mail%20studenten%2026%20mei%202011_EN.pdf

Codes of conduct campus network

The code of conduct for use of the campus network is made by Student Net Twente. See the following link for more information (Dutch only):

http://www.snt.utwente.nl/helpdesk/beleid/aup