Information Technology Centre

11 Golden Rules

11 golden rules for increasing IT security

The protection of the university's IT systems and data cannot be guaranteed solely by central measures taken by the IT service center. Especially in a network that is accessed by many private computers on a daily basis, it is necessary for all users to follow certain rules in order to prevent damage to themselves and others.

Experience shows that a large proportion of successful attacks were only possible because the affected computers were poorly configured. The measures described here provide adequate basic security against current threats and should be implemented by all users.


Keep your operating system up to date by installing available updates promptly, as known vulnerabilities are exploited for automated attacks against vulnerable systems.

In addition to manual updates, all modern operating systems also offer the option of automating the update process. The operating system regularly connects to the specified update server via the Internet, checks for new updates, and then installs them automatically.

Protect your computer from infection by malware such as viruses, worms, and trojan horses by using a virus scanner. However, simply installing such software is not sufficient for effective protection. It is crucial that the most important functions of the program are up to date and correctly configured.

If they are not enabled by default, you should always configure the following settings:

  • Access scan always active
  • Perform a weekly full scan of the system
  • Enable automatic updates

See Anti-Virus Scanner.

Application programs must be kept up to date as well. These include, in particular, office programs (MS Office, OpenOffice, Acrobat, etc.), internet browsers, and e-mail programs, but also programs for chatting or playing multimedia content (Windows Media Player, RealPlayer, Winamp, etc.). Because of specially crafted websites and files, the threat potential here is now just as high as for server services, but unlike server services, these applications are not updated when the operating system is updated.

All user accounts on a system must have a password, otherwise the computer is easily vulnerable to attack via the network. In particular, many standard Windows installations do not set an administrator password! Passwords should meet certain minimum requirements in terms of length and complexity so that they cannot be guessed by simple (possibly automated) trial and error: https://go.uniwue.de/passwort

Normally, you should not operate locally with administrator permissions, but only with the restricted permissions of a normal user. In all modern operating systems, user accounts can be assigned different permissions. User accounts in the “Administrator” or “root” category have unlimited access to all functions of the operating system. Accounts in the “user” or “restricted” category, on the other hand, have limited permissions.

Administrator permissions are necessary to make or change configurations. Operating with administrator permissions allows many malware programs to fully unleash their destructive power. A successful attacker automatically gains administrator permissions as well.

Unnecessary user accounts should be deactivated or deleted.

If you are operating with restricted permissions in Windows, you can run individual applications with administrator permissions by right-clicking on the corresponding program in the program menu or in Explorer and selecting the menu item “Run as...”.

Software from untrustworthy sources (e.g., P2P file-sharing networks or unofficial websites) often contains malware such as viruses, worms, trojans, and rootkits. When the corresponding file(s) are opened or executed, the malware becomes active, often without the user noticing. It makes no difference whether the file is a manipulated application or manipulated data that is opened by a vulnerable application.

Therefore, only use original software/data and obtain it directly from the manufacturer or a trustworthy source if possible.

Only install software that you really need.

Do not leave your computer unattended when you are logged in. Log out, lock access, or activate a screen saver with a secure password when you leave your workplace, even if it is only for a short period of time.

Turn off your computer when you leave your workplace for a longer period of time, such as at the end of the day.

Never run software that has been sent to you as an email attachment. Disable the automatic display or execution of email attachments in your email program. Be wary of emails that ask you to install software or to provide passwords, credit card numbers, PINs, TANs, or similar information. Do not reply to emails with unwanted or dubious content, not even to unsubscribe from them. Virus-infected emails usually pretend to come from familiar sender addresses, so be wary of unexpected emails and especially of their file attachments. If possible, disable the HTML view of emails and use the text-only view instead. Check all files downloaded to your computer with a virus scanner.

Be suspicious if someone contacts you about a (supposed) problem and asks you for sensitive data such as passwords or configuration settings. The university's IT administrators and external service providers will not ask you for your password.

If in doubt, ask for the name of the IT administrator and call them back using the phone number listed in the university's address book or information system.

Remove unnecessary services and application programs or do not install them in the first place. If services/programs are not needed permanently (chat client, etc.), they should be started manually and deactivated/closed again after use.

Careful application of the Golden Rules improves the security of your system and the data stored on it. Unfortunately, it is not possible to provide absolutely secure protection against attacks, user errors, or hardware damage. Because damage can also silently modify files, a backup should not only hold the most recent state but also allow restoration to a point in time further back. To guard against the failure of a single storage medium, backups should be stored (possibly in rotation) on different storage media.

The central backup of the IT service center backs up the network drives in the university network, the central email server, and the server systems of the IT service center. Local drives on your computer are not covered by the central backup.
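The two backup properties described above, several restorable generations and rotation across different media, as an added example that is not part of the university's page. The script and all names (`make_backup`, `restore`, the two simulated media `disk-a`/`disk-b`, the sample file) are constructed for illustration; it simulates a file being corrupted between two backup runs and shows that the older generation still holds the good copy.

```python
# Added example (not the IT service center's tooling): generational backups
# rotated across two media, so an older intact copy survives a later corruption.
import os
import shutil
import tempfile
from datetime import datetime, timezone
from typing import List, Optional

def make_backup(src: str, media: List[str], keep: int, run_no: int,
                stamp: Optional[str] = None) -> str:
    """Copy src into a new dated generation on media[run_no % len(media)]
    (round-robin across storage media) and prune old generations beyond `keep`."""
    target = media[run_no % len(media)]
    stamp = stamp or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S")
    dest = os.path.join(target, f"gen-{stamp}")
    shutil.copytree(src, dest)                      # new generation, never overwrite
    gens = sorted(d for d in os.listdir(target) if d.startswith("gen-"))
    for old in gens[:-keep]:                        # keep only the newest `keep`
        shutil.rmtree(os.path.join(target, old))
    return dest

def list_generations(media: List[str]) -> List[str]:
    """All generations on all media, oldest first (stamps sort lexically)."""
    gens = [os.path.join(m, d) for m in media for d in os.listdir(m) if d.startswith("gen-")]
    return sorted(gens, key=os.path.basename)

def restore(generation: str, rel_path: str) -> str:
    """Read one file back from a chosen generation."""
    with open(os.path.join(generation, rel_path), encoding="utf-8") as f:
        return f.read()

def demo() -> dict:
    base = tempfile.mkdtemp()                       # constructed sandbox, no real disks
    src = os.path.join(base, "work")
    media = [os.path.join(base, "disk-a"), os.path.join(base, "disk-b")]
    for d in [src] + media:
        os.makedirs(d)
    doc = os.path.join(src, "thesis.txt")
    with open(doc, "w", encoding="utf-8") as f:
        f.write("chapter 1: original text\n")
    g1 = make_backup(src, media, keep=2, run_no=0, stamp="20240101")
    # Damage (user error, malware, faulty software) silently alters the file...
    with open(doc, "w", encoding="utf-8") as f:
        f.write("GARBAGE\n")
    g2 = make_backup(src, media, keep=2, run_no=1, stamp="20240102")
    # ...so a single mirrored copy would now be corrupt too; the older
    # generation on the other medium still restores the intact text.
    return {"latest": restore(g2, "thesis.txt"),
            "older": restore(g1, "thesis.txt"),
            "generations": len(list_generations(media))}
```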