Basic IT-Security

Content

  1. Overview
  2. Necessary and helpful programmes (technical protection)
  3. Passwords and two-factor authentication
  4. Personal behaviour
  5. Measures in the event of a virus attack
  6. System administration
  7. Wireless networks (WLAN) / Server
  8. Data encryption
  9. Disposal of computers, printers and data carriers
  10. Further information

1. Overview

This document describes which programmes should at least be installed on the computers at Fulda University of Applied Sciences and how these programmes must be configured so that a certain “basic security” is available. Since even the best security measures offer no protection if users circumvent them or do not take them seriously, there are also some tips on user behaviour.

In the settings instructions from chapter 2 onwards, “Start > … > …” means that you start with the Start entry in the menu bar (generally at the bottom left of the screen) and then click on an entry in the menu, a tab or another element that has the corresponding label.


2. Necessary and helpful programmes (technical protection)

In order for you to be able to work with the computer at all, it requires an operating system. The operating system must always be up to date so that all known “security holes” are “plugged”. If the operating system provides an “Automatic Update” feature, it should be activated, as the security holes are then closed as quickly as possible. The current Windows operating systems from Microsoft offer this function. With Windows 10 you cannot actually prevent the system from updating automatically, so you don’t have to do anything. If you nevertheless want to start a manual search for updates, click in Windows 10 with the right mouse button on “Start” and then on “Settings”. Then click on “Updates and security” and then on “Check for updates” to start a search for current versions.

Access to the computer from the Internet, or from programmes on the computer to the Internet, should be monitored and controlled. This task is performed by a firewall. Although all computers at Fulda University are protected by a central firewall, a local firewall should nevertheless be set up on each computer to protect it against computers within the university network (intranet) which may be poorly maintained and are therefore infected with malware (viruses, worms, Trojans, etc.). In addition, the local firewall may be able to prevent malware from spreading from an infected computer to other computers at the university. Under Windows, for example, you can use the Windows firewall, which is included as standard in the newer Windows operating systems. If you are using Windows 10, click with the left mouse button on “Start” and then select “Windows Security” (at the bottom of the programme list). There, “No action required.” should be displayed for “Firewall & network protection”. If actions are required, click on “Firewall & network protection” and then successively on “Domain network”, “Private network” and “Public network” and switch “Windows Defender Firewall” to “On” in each of them. Portable computers (notebooks) must have a firewall set up.

Every computer must be protected against malware (viruses, worms, Trojans, etc.) by an antivirus programme. Fulda University uses the Sophos Intercept programme for this purpose, which must be used on all university computers. Please check all formatted attachments (Word, Excel, PDF, …) of emails for malware before you open the attachments with the corresponding programmes. Further information (also for private computers) can be found on the Virus protection (Sophos) page of the computer centre.

Of course, you not only want to protect your computer but also use it. The required security settings for your email programme can be found in the separate document E-Mail and the settings for your web browser in the document web browser, as the number of different products is beyond the scope of this document. You can also open these documents via the navigation bar. The security settings for your other programmes should be researched in the Help of the programme or on the Internet.

Remember to update all programmes automatically or at least regularly, so that you make things as difficult as possible for malware and hackers.


3. Passwords and two-factor authentication

Choose a good password and keep it secret. The document Passwords describes how to create a good password and how to change it. Please be sure to observe the following instructions.

  1. Never give your password to other people, as you may be held responsible if your user account is misused by other persons.

  2. Do not write down your password, or at least keep it far away from your computer and without any recognisable reference to your user account (never in the same room).

  3. Never save your passwords in files or programmes to “make your work easier”, as they can otherwise be read and misused by malware.

  4. Change your password immediately if it has fallen into other people's hands or if you suspect that it has become known to unauthorised persons.

  5. Use different passwords for different computers or activities.

  6. Never use your user name and password for competitions or similar.

  7. Never use a password on any Internet site that is similar to or even the same as your own password, as this will give a potential “hacker” an opportunity to break into your computer if these details are stored in plain text.

  8. If you have forgotten your password, you can get a new password at the computer centre. Your identity can be verified on site using a photo ID or via a video conference.

  9. Protect the booting of your computer (the so-called boot process) with a password (the so-called “BIOS password”; see the sections “Functions” and “Security” in the German explanation of the BIOS or, better explained, the section “Configuration” in the English explanation of the BIOS, https://en.wikipedia.org/wiki/BIOS) if you store personal or other sensitive data on the computer. This protection must also be effective if an intruder wants to start the computer with their own CDROM, DVD, memory stick or something similar. If the computer does not have such BIOS password protection, personal data may only be stored on the hard disc in encrypted form.

Access to some functions of some applications (e.g. in the University Organisation System for study and teaching (“horstl”)) is restricted for some persons (e.g. employees and lecturers) by means of two-factor authentication, so that these persons must prove their identity with a second factor in addition to the password. The system can then verify the identity on the basis of these factors (authentication) and grant the privileges (rights) to which the proven identity is entitled (authorisation). The web page for two-factor authentication of the data centre describes which procedures are supported and how they can be set up. Further information on two-factor authentication can also be found at Wikipedia. Please note the following information.

  1. Never give your second factor (smartphone with registered app or hardware token for generating a one-time password) to other people, as you may be held responsible if your user account is misused by other persons.

  2. If you use a hardware token, it is prohibited to keep the hardware token together with the end device (e.g. notebook) in the same bag.

  3. Loss of the second factor or suspicion of misuse of the second factor must be reported immediately to the IT security officer of the data centre.


4. Personal behaviour

Never enter personal data on the Internet if it is not absolutely necessary. If necessary, make up names and addresses when registering with web providers, discussing in forums or chatting in chat rooms. Please also note the following tips.

  1. Never change your password, the configuration of the operating system or a programme at the request of another (unknown) person who contacts you by telephone. Never download software from the Internet in order to install it at the request of another person. Never call up certain web pages and never enter any commands if you are asked to do so by an unknown person.

  2. Never pass on sensitive or internal information by telephone.

  3. Label portable data carriers (CDROM, DVD, memory stick, etc.) containing sensitive data and lock them away when you leave the room.

  4. Ensure appropriate disposal of sensitive documents and data carriers that currently contain confidential data or have contained confidential data in the past.

  5. Never use CDROMs, DVDs etc. from unknown sources (simply “lying around” somewhere in public) on a university computer, as the autostart function could automatically install malware on the computer.

  6. Never open email attachments if you were not expecting the email and before you have checked the attachment for malware. Remember that the sender may be forged.

  7. Never forward an email just because the email asks you to. Do not contribute to the spread of malware or spam email.

  8. Do not send sensitive information by email, or only in encrypted form.

  9. Protect your computer with a password-protected screen saver or log off when you leave the room.

  10. Make sure that the latest antivirus and anti-spy software is always installed on your computer and use an up-to-date firewall.

  11. Never deactivate or remove the antivirus software or the firewall without the permission of the data centre.

  12. No one may download or use software that enables the circumvention of protection mechanisms. Exception: system administrators, in order to check and maintain the security of the systems.

  13. No one may connect their own network access to their workstation computer without the consent of the computer centre.

  14. Students are not entitled to data backup and restoration, so they may have to back up important data themselves.

  15. Pay attention to security-relevant incidents and report them.


5. Measures in the event of a virus attack

If you suspect or even know that your computer has been infected by one or more malicious programmes (viruses, worms, Trojans, etc.), you should take the following measures.

  1. Disconnect the infected computer from the university network as quickly as possible to avoid further damage from the malware spreading to other systems. The affected system should not be disconnected from the power supply and also not be shut down, so that forensic analyses can be carried out later to investigate the malware and the damage caused, and so that measures can be taken to contain consequential damage.
  • If the computer is connected to the university network with a network cable, the cable should be disconnected. The plug of the cable has a clip, which is sometimes hidden under a plastic cover and must be pressed down before disconnecting.

  • If the computer is connected to the university network via the wireless network (WLAN), you should try to switch off the network via the WLAN switch or the touch-sensitive screen (touchscreen). If the malware prevents this, you should try to switch off the device by pressing the on/off button for several seconds. In this case, disconnect the device from the power supply if it is connected and remove the battery if this is possible.

Then immediately inform the helpdesk of the data centre and the person responsible for the administration of the computer.

  2. Also report the incident to your IT security officer, who may be able to assist you in cleaning your computer or tell you who can help you remove the malware from your computer. Depending on the type of infection, it may be necessary to reinstall the computer and restore the data from a data backup, as this is the only way to ensure that the malware has been completely removed.

  3. If a new installation is not necessary and you want to remove the malware yourself, you will need a so-called rescue CD, which contains a bootable operating system and antivirus software (e.g. Desinfec’t). You will need to create the CD/DVD or the memory stick on a different computer and then start your computer from this medium so that you have a “virus-free” environment. Then you can scan your hard drive with the antivirus programme and remove the malware. If no virus is found, your computer may still be infected with malware that the antivirus programme just cannot find. In this case, be sure to contact the computer centre before you reconnect your computer to the university network.

  4. To ensure that your computer is not immediately infected with malware again, you should update the software on your computer and, if you have not already done so, install an antivirus programme and a local firewall. You will find information on this in Chapter 2 of this document.

  5. The computer centre and the local system administrators are obliged to ensure the operation and security of the university network and carry out the following actions if danger is imminent:

  • If necessary, they block the IP address at the next possible location.

  • If the infected computer is in the university network via the wireless network (WLAN), they block the user account and interrupt the connection.

  • They notify the user or the responsible administrator about the error.


6. System administration

System administrators have a special responsibility and should ensure that the IT security policy is implemented and adhered to in their area of responsibility. They should also observe the following instructions.

  1. User accounts should be set up in such a way that only good passwords can be used and that the user account is blocked if a password is entered incorrectly several times (if the system offers these possibilities).

  2. Change default passwords of telephone systems, computers, network components etc. and, if necessary, block standard users (guest accounts) to protect the systems.

  3. Regular data backups should be carried out and the backup media should be stored in fireproof and burglar-proof cabinets where the data inventory makes this necessary. If personal or other sensitive data is stored externally, it should be stored in encrypted form.

  4. Change or block the computer access authorisation when a person leaves the university or is assigned a new area of responsibility. The required data must be passed on to the computer centre by the Student Service Centre (SSC) for students and by the Human Resources Department for staff; the computer centre immediately forwards the data to all system administrators.

  5. If a system administrator leaves the university, all system passwords must be changed immediately and, if necessary, the password files or databases must be searched for new accounts with privileges in order to ensure the security of the systems. Under UNIX-like operating systems, it may also be necessary to search for programmes with privileges (SUID or SGID bit set) that are not part of the normal operating system.

  6. Temporary user accounts should be deactivated when the project for which they were set up has ended.

  7. Users may not have their user account deactivated or activated by telephone. Deactivation or activation can only be arranged in writing or in person. If the person is not known, their identity must be verified beforehand. The verification can be carried out on site using photo identification or via a video conference. In the case of written applications, it should also be clarified whether the person has actually made the application.

  8. System administrators should download and use software that makes it possible to check and maintain the security of the systems (e.g. a password cracker for checking for good and bad passwords, if the system allows access to the passwords).
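
An added example (not part of the original document) of the search mentioned in item 5: it lists regular files with the SUID or SGID bit set below a directory and reports those that are missing from a baseline. The baseline of expected paths is an assumption; in practice it would be taken from the operating system's package database.

```python
import os
import stat


def privilege_bits(mode):
    """Return the privilege bits ("SUID", "SGID") set on a regular file's mode."""
    bits = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            bits.append("SUID")
        if mode & stat.S_ISGID:
            bits.append("SGID")
    return bits


def find_privileged(root):
    """Walk `root` without following symlinks; map path -> privilege bits."""
    found = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # file vanished or is unreadable; skip it
            bits = privilege_bits(mode)
            if bits:
                found[path] = bits
    return found


def unexpected(found, baseline):
    """Keep only the privileged files that the baseline does not list."""
    return {path: bits for path, bits in found.items() if path not in baseline}


if __name__ == "__main__":
    # Constructed baseline for illustration; replace with the real list
    # of SUID/SGID programmes shipped by the operating system.
    baseline = {"/usr/bin/passwd", "/usr/bin/su", "/usr/bin/sudo"}
    for path, bits in sorted(unexpected(find_privileged("/usr"), baseline).items()):
        print("+".join(bits), path)
```
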


7. Wireless networks (WLAN) / Server

The following provisions apply to the operation of wireless networks (WLAN) and servers.

  1. The departments and central facilities may only operate their own wireless networks that allow access to the general computer infrastructure with the consent of the computer centre. Isolated radio networks for training may be set up and operated as required.

  2. Network access to productive radio networks may only take place via user authentication. Access via hardware or IP addresses is not permitted.

  3. Data traffic in wireless networks must be encrypted. Under no circumstances may passwords be transmitted in plain text in a wireless network. Instructions for setting up the WLAN can be found on the web page WLAN (eduroam) of the computer centre.

  4. The access data (IP address, user account, time) for productive wireless networks must be logged.

  5. The departments and central facilities may only operate their own servers that are connected to the university network with the approval of the computer centre. Isolated servers in closed laboratory networks may be set up and operated as required.

  6. No servers may be operated in wireless networks.

  7. Servers may only be managed from external access points via a secure VPN connection. Information on setting up the VPN software can be found on the web page VPN access of the computer centre.

  8. The VPN access software, the configuration file for the VPN software and the user ID and password for dialling into the wireless network of Fulda University of Applied Sciences may not be passed on to other persons.


8. Data encryption

There are many products that support the encryption of data. If you want to send sensitive data as an attachment to an email, you can compress and encrypt the file or files, for example with the programme 7-zip. The password for decryption can then be communicated to the recipient by telephone, for example. “7-zip” also supports the encryption of the archive directory (header encryption), so that an unauthorised person cannot even find out the names of the files in the archive.

If you work on your hard drive on a daily basis, you do not want to encrypt and decrypt the files manually, especially as the files would then be stored unencrypted on the hard drive for the duration of processing. For this you need a product that encrypts and decrypts the data automatically and transparently for you (on-the-fly). These products can be divided into two classes:

  1. Products that encrypt individual files or all files in a directory. This category includes, for example, the Encrypting File System (EFS), which is an extension of the NTFS file system from Microsoft and can therefore be used in every modern Windows operating system. Since temporary files in the Windows world are often stored in other directories or even in other partitions, it can happen that the temporary files are available unencrypted after processing (the temporary file is deleted, but its content is not destroyed, so that it could be restored later).

  2. Products that create an encrypted partition in a file (a so-called container) or encrypt a complete partition of the hard drive. They are further divided into products that can only encrypt data partitions and those that can also encrypt system partitions. If a product can encrypt both data and system partitions, the entire hard drive can be encrypted. This group includes, for example, the commercial product SecurStar DriveCrypt and the free product VeraCrypt. The Wikipedia article “Comparison of disk encryption software” describes the features, availability, up-to-dateness etc. of many hard disc encryption programmes. Microsoft Windows offers the programme BitLocker for some operating system versions.

A detailed description of the use of these programmes would go beyond the scope of this documentation. Further information can be found at Wikipedia: 7-zip, Encrypting_File_System, VeraCrypt, BitLocker.


9. Disposal of computers, printers and data carriers

When disposing of computers and data carriers, you should remember that the data is not physically destroyed or overwritten when the files are deleted, so that it can be restored later under certain circumstances. It is therefore essential that you observe the following notes.

  1. Make sure that sensitive documents or data carriers (hard disk, CDROM, DVD, memory stick, etc.) containing personal or other sensitive data are destroyed in a non-recoverable manner (e.g. using a shredder, where possible) before they are discarded.

  2. Ensure that hard drives are, if necessary, completely magnetised or destroyed in such a way that they cannot be recovered if they contain personal or other sensitive data.

  3. Remember that (network) printers are often equipped with hard discs on which files are temporarily stored before printing, and therefore do not forget to destroy the data on these hard discs before the printer is discarded.

  4. Many devices store configurations in flash memories. Remember to delete the configurations before removing the device from service, as knowledge of the configuration may facilitate an attack on the IT infrastructure.

  5. Remember that under certain circumstances multi-function devices, scanners, fax machines etc. may also be equipped with hard disks or flash memories on which data is stored temporarily. Delete this data before you discard the device.


10. Further information

Modern copiers are generally equipped with hard discs on which the copies are temporarily stored before printing. Do not forget to destroy the data on the hard discs before the copier is discarded. If personal or other sensitive data is also to be copied on the copier, the copier should always be installed in a locked room and should not be connected to the university network. The data can be read if a computer can be connected to the copier and the administrator password is known (for many copiers, the standard password can be found on the Internet together with the operating instructions). Some copiers can be equipped with a module to securely erase the hard disc.


Oct 25, 2025

Subsections of Basic IT-Security

Passwords

Content

  1. Overview
  2. Good passwords
  3. Change password

1. Overview

Protect your user account with a good password that you can easily remember and that a stranger or a programme will find very difficult or impossible to guess (in a reasonable amount of time). Programmes that want to “crack” passwords (password crackers) generally work with dictionaries, so any password that can be found in a dictionary is a bad password. “peter”, “pEter”, “pEter84” or similar passwords can be found by a programme in no time at all. As computing power becomes ever greater, programmes can also try to generate and test all possible passwords. Today’s workstations (May 2008) can generate approx. 100,000,000 passwords per second. If your password consists of only five lower case letters (e.g. “peter”), the programme only has to test all passwords consisting of 26 letters with the lengths one, two, three, four and five to generate your password with certainty. In this case, a maximum of “26 + 26^2 + 26^3 + 26^4 + 26^5 = 12,356,630” passwords would have to be generated and compared. The programme would have found your password using the so-called brute-force method on today’s workstations in about 0.12 seconds. If you had chosen a similarly simple password with a length of eight characters, the programme would have to generate about 2.17 * 10^11 passwords and would take up to 36 minutes.

If your password contains upper and lower case letters, numbers and special characters (e.g. from the following ten special characters “,;.:-_!%/#”), you would already have a character set of 26 + 26 + 10 + 10 = 72 characters. With a password length of eight, the programme would have to generate and compare around 7.3 * 10^14 passwords in a brute-force attack, which would take around 84 days. As a rule, the programme would find your password much faster. If you are unlucky, your password is at the beginning of the generated password list and is found after just a few seconds. On average, a password is found by these programmes in half the time (i.e. around 42 days). For this reason, today’s programmes generally use so-called dictionary attacks instead of brute-force attacks, as they reach the target more quickly for many passwords. Further information can be found at Wikipedia.

In reality, the programme would need access to the table with the encrypted passwords, as otherwise it would not be able to compare the generated passwords with the real passwords.
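
The arithmetic in the paragraphs above, as an added example (not part of the original document): it rebuilds the search-space sums and the worst-case and average times from the page's own figures (100,000,000 guesses per second, the 72-character set). The function names are illustrative, and passwords containing characters outside that 72-character set are rejected rather than estimated.

```python
import string

GUESSES_PER_SECOND = 100_000_000   # rate the page quotes for a May 2008 workstation
PAGE_SPECIALS = ",;.:-_!%/#"       # the ten special characters listed on the page

# The four character classes the page counts: 26 + 26 + 10 + 10 = 72.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    PAGE_SPECIALS,
)


def charset_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    if not password:
        raise ValueError("empty password")
    for ch in password:
        if not any(ch in cls for cls in CLASSES):
            raise ValueError(f"character {ch!r} is outside the page's 72-character set")
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def search_space(alphabet, max_length):
    """Number of candidates of length 1..max_length over `alphabet` symbols."""
    return sum(alphabet ** n for n in range(1, max_length + 1))


def crack_seconds(password, rate=GUESSES_PER_SECOND):
    """Return (worst_case, average) seconds for an exhaustive search.

    The worst case tries every candidate up to the password's length;
    on average the password is found after half of that time.
    """
    worst = search_space(charset_size(password), len(password)) / rate
    return worst, worst / 2


if __name__ == "__main__":
    for sample in ("peter", "abcdefgh", "aB3;efgh"):   # constructed samples
        worst, average = crack_seconds(sample)
        print(f"{sample!r}: worst {worst:,.2f} s, average {average:,.2f} s")
```
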


2. Good passwords

A good password fulfils the following requirements:

  1. It contains at least one uppercase and one lowercase letter, at least one number and at least one special character.

  2. It is at least twelve (preferably 14) characters long.

  3. Without taking into account numbers, special characters and capitalisation, it does not appear in any dictionary (not even in foreign-language dictionaries).

  4. If you change the password, change at least three characters.

Keep your password secret! A password that you reveal to other people or write down and keep near your computer is not a good password!

You can memorise complicated passwords using mnemonic phrases, e.g. the mnemonic phrase “My new password is now 12 characters long” could stand for the good password “M#nP%ij12Z;l” (initial letters of words and special characters after capital letters). Do not use well-known literature quotations as mnemonics, as these are also known to the cracker programmes.
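
One way to check the four requirements above in code, as an added example that is not part of the original document. The word list is a tiny constructed sample, any non-alphanumeric character counts as a special character, and “change at least three characters” is interpreted as an edit distance of at least three; all three are assumptions.

```python
MIN_LENGTH = 12    # requirement 2
MIN_CHANGED = 3    # requirement 4

# Constructed sample; a real check would load full (also foreign-language) word lists.
SAMPLE_WORDS = {"peter", "password", "summer", "fulda", "passwort"}


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(
                previous[j] + 1,               # delete ca
                current[j - 1] + 1,            # insert cb
                previous[j - 1] + (ca != cb),  # substitute
            ))
        previous = current
    return previous[-1]


def check_password(new, old=None, words=SAMPLE_WORDS):
    """Return the list of violated requirements (empty list = acceptable)."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.isupper() for c in new):
        problems.append("no_uppercase")
    if not any(c.islower() for c in new):
        problems.append("no_lowercase")
    if not any(c.isdigit() for c in new):
        problems.append("no_digit")
    if not any(not c.isalnum() for c in new):
        problems.append("no_special")
    # Requirement 3: ignore digits, special characters and capitalisation
    # before the dictionary lookup, so "pEter84" is reduced to "peter".
    letters_only = "".join(c for c in new if c.isalpha()).lower()
    if letters_only in words:
        problems.append("dictionary_word")
    if old is not None and edit_distance(old, new) < MIN_CHANGED:
        problems.append("too_similar_to_old")
    return problems


if __name__ == "__main__":
    for candidate in ("pEter84", "Peter!!!!1234", "M#nP%ij12Z;l"):
        print(candidate, check_password(candidate) or "ok")
```
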


3. Change password

Under UNIX operating systems (Solaris, Linux, Cygwin) the password is changed in a command line window with the command passwd. First you must enter your old password to authenticate yourself and then enter the new password. After you have entered the new password again for confirmation to rule out typing errors, the password is changed by the system. No characters are echoed as you type, so you will not see anything when you enter your password. The system will still recognise your password. In this way UNIX prevents another user from spying out the length of your password, which would make it easier to break.

Under Microsoft Windows 10 you must select Accounts in the Settings. There you can then click on Sign-in options. In the “Password” field, click on “Change”. Now enter your old password for authentication and enter the new password twice to avoid typing errors. Leave the field for the password hint empty, as the hint is visible to all users of the computer and would allow them to guess the password. The “Settings” can be found by clicking with the right mouse button on Start (bottom left in the menu bar) and then clicking on “Settings”.

If the user logs in via the Novell Client for Windows (generally Windows computers in the computer rooms), press the keys “<Ctrl” at the same time. The “Novell Client for Windows” window opens. Select “Change password”. Now click once on the name of the server in front of your user name, then enter your old password for authentication and enter the new password twice to avoid typing errors. It will take a few seconds before the new password can be used on all computers.

If the user logs in on a Windows server (generally Windows computers in the computer rooms), press the keys “” at the same time. The “Windows Security” window opens. Select “Change password…”, then enter your old password for authentication and enter the new password twice to avoid typing errors. It will take a few seconds before the new password can be used on all computers.


Oct 16, 2025

E Mail

Content

  1. Overview
  2. Spam email
  3. Mozilla
  4. Microsoft
  5. Novell GroupWise 2018 WebAccess Client

1. overview

This document presents security-relevant settings for various email programmes. The email programmes that are used on computers at Fulda University of Applied Sciences must be configured accordingly. If a computer at Fulda University of Applied Sciences is using an email programme that is not included in this document, the corresponding settings in the programme must be made in the same way and the name of the programme must be communicated to the IT Security Officer of the university.

An email should only ever be sent as normal text, as the HTML code may contain malicious functions that compromise the computer. Never click on HTML or Office documents in attachments if the email does not originate from a trustworthy source. If you want to send a formatted text, you should send it as an attachment and explicitly refer to this attachment in your email.

**Remember that the sender addresses of emails can be forged and that malware emails are becoming increasingly sophisticated.** They are already very often sent in good German or English and have a sender address that is known to the recipient. There are now even more sophisticated forgeries that reply to e-mails that were actually once sent to the faked sender. This is made possible by the fact that e-mails are read by infected computers and at least partially transmitted to criminals, so that they can obtain information about the sender, recipient, subject and possibly even the message itself and use it for their malware email. In this way, the acquaintances of the first victim can then be attacked, as the malware email is very credible as a reply to an email of their own.

If possible, never click on links in e-mails, as the displayed and trustworthy-looking text may conceal a completely different address (instead of “https://…/download/bericht.pdf” for example “https://…/download/malware.exe”). Attempts are now also being made to send malware as an encrypted ZIP archive, for example, for which the password for decryption is provided in the email. In this way, an anti-virus programme cannot detect the malware in the attachment of the email, while the recipient can open the archive and execute the malware (the anti-virus programme may still be able to prevent the malware from being executed).

**Check links in emails very carefully** before clicking on them (as a rule, the address is displayed in the lower status bar of the email client when you move the mouse pointer over the link), if clicking on the link is absolutely necessary. **Check the file type of an attachment** and never click on executable files (.exe, .bat, .com, .msi, …). **Prohibit macros in Office documents** (Office_Macros_deactivate.pdf) and do not allow them under any circumstances if an Office document received as an attachment requires it. **Ask the sender of the email by telephone** whether they have sent you the message with the attachments if you are unsure, before you use an attachment or click on a link.

Be particularly careful if you receive files with the following file name extensions in an email attachment as such files may contain malware.

| File type | File name extension |
|---|---|
| Macro-enabled Microsoft Word documents or templates up to Word 2003 | .doc, .dot |
| Macro-enabled Microsoft Word documents or templates from Word 2007 | .docm, .dotm |
| Macro-enabled Microsoft Excel workbooks, extension modules (add-in) or templates up to Excel 2003 | .xls, .xla, .xlt |
| Macro-enabled Microsoft Excel workbooks, binary workbooks, extension modules (add-in) or templates from Excel 2007 | .xlsm, .xlsb, .xlam, .xltm |
| Macro-enabled Microsoft PowerPoint presentations, extension modules (add-in) or templates up to PowerPoint 2003 | .ppt, .ppa, .pot |
| Macro-enabled Microsoft PowerPoint presentations, screen presentations, slides, extension modules (add-in) or templates from PowerPoint 2007 | .pptm, .ppsm, .sldm, .ppam, .potm |
| Executable programmes | .com, .exe, .msc, .msi, .mst, .scr |
| Executable script files | .bat, .cmd, .js, .jse, .ps1, .vba, .vbe, .vbs, .ws, .wsf, .wsh |
| Shortcuts | .lnk |
| Control Panel programs, Windows jobs, ActiveX controls, registry entries, system device drivers, Microsoft compiled/compressed HTML help files, Microsoft HTML applications, program information files, shell command files | .cpl, .job, .ocx, .reg, .sys, .chm, .hta, .pif, .scf |
| (Encrypted) archives (especially if you are given the password to open the archive in the email) | .zip, .jar, .cab, .gz, .7z, .tgz |
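
The two checks described above, a link whose displayed address differs from its real target and an attachment whose extension appears in the table, can be run automatically over a message. The following Python script is an added example and not part of the original guide; the function names, the sample message and the host example.org are constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import urlparse

# File name extensions copied from the table above, grouped by category.
RISKY = {
    "macro-capable Office file": (
        ".doc .dot .docm .dotm .xls .xla .xlt .xlsm .xlsb .xlam .xltm "
        ".ppt .ppa .pot .pptm .ppsm .sldm .ppam .potm").split(),
    "executable programme": ".com .exe .msc .msi .mst .scr".split(),
    "script file": ".bat .cmd .js .jse .ps1 .vba .vbe .vbs .ws .wsf .wsh".split(),
    "shortcut": [".lnk"],
    "system or help file": ".cpl .job .ocx .reg .sys .chm .hta .pif .scf".split(),
    "archive": ".zip .jar .cab .gz .7z .tgz".split(),
}

def classify(filename):
    """Return the table category of a file name, or None if it is not listed."""
    # Only the last extension counts, so "report.pdf.exe" is an executable.
    ext = PurePosixPath(filename.strip().rstrip(".").lower()).suffix
    return next((cat for cat, exts in RISKY.items() if ext in exts), None)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """Report links whose shown address differs from, or whose target is, a risky file."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        shown_as_url = text.lower().startswith(("http://", "https://"))
        if shown_as_url and text.rstrip("/") != href.rstrip("/"):
            findings.append(f"link shows {text!r} but opens {href!r}")
        category = classify(urlparse(href).path)
        if category:
            findings.append(f"link target {href!r}: {category}")
    return findings

def triage(msg):
    """Return findings for the attachments and HTML links of an EmailMessage."""
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    findings = [f"attachment {n!r}: {classify(n)}" for n in names if classify(n)]
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += check_links(body.get_content())
    return findings

def build_sample():
    """Constructed sample message; example.org is a placeholder host."""
    msg = EmailMessage()
    msg.set_content("See attachment.")
    msg.add_alternative('<a href="https://example.org/download/malware.exe">'
                        "https://example.org/download/bericht.pdf</a>", subtype="html")
    for name in ("agenda.txt", "invoice.docm", "documents.zip"):
        msg.add_attachment("constructed placeholder content", filename=name)
    return msg
```

Calling `triage(build_sample())` returns four findings: the two listed attachments, the mismatched link text and the executable link target. A match only means the file type is on the list above, so the attachment still has to be scanned and the sender confirmed before it is opened.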

You should configure Windows in such a way that file name extensions are also displayed in the file manager (Windows Explorer) (they are not displayed by default). Right-click on the Windows icon in the bottom left-hand corner of the screen, select the entry Search, enter the value Explorer options in the search field and then click on the entry Explorer Options Control Panel. In the new window, select the View tab and uncheck the entry Hide extensions for known file types. Then click on Apply and then on OK.

Some email programmes allow you to request automatic confirmations for the receipt of the email. This feature can be misused for spam e-mail, as the sender of the email then knows that the address is still in use and is ideally suited for spam e-mail. This mechanism should therefore be switched off. If you want to allow confirmations for the receipt of a message, you should in any case make sure that you are asked before the confirmation is sent.

Never save passwords in programmes or files because it is too inconvenient for you to enter the password each time. As malware can find and collect passwords stored in plain text, you invite all potential “hackers” to misuse your user ID. Security is increased if you store all passwords with a master password. However, the encrypted passwords can also be collected and possibly “cracked” on powerful computers by trial and error.

Session logs are stored in cookies, which are not required for email. For this reason, this service should be switched off for mail & news groups. Cookies can also be misused to create a profile of the user, which can then be used for targeted spam e-mails.

Since an email should only contain normal text, JavaScript and plugins for emails should be switched off for security reasons. If you need active elements, you should send them as an attachment in a file and explicitly refer to the attachment.

**Never open the attachment of an email before you have checked it for viruses, worms, Trojans, …**

In the settings instructions from chapter 3 onwards “Edit > … > …” means that you start with the corresponding entry in the menu bar at the top of the programme window (e.g. “Edit” or “Extras”) and then continue with an entry in the menu, a tab or another element that has the corresponding label.


2. spam e-mail

You can find a good overview of this topic at Wikipedia, for example. At Fulda University of Applied Sciences, spam e-mails are filtered by a spam filter using the keyword “” in the “Subject:” field. In very rare cases a normal email may be classified as spam. You should note the following for spam e-mail:

  1. Do not allow any (automatic) confirmations, so that your email address is not “reported” to the sender as an active email address and you do not receive more spam e-mail afterwards.

  2. Delete the email without reading or replying to it.

  3. Do not click on any attachments from spam e-mail.

  4. Do not under any circumstances click on any web addresses in the spam e-mail that you can supposedly use to avoid such e-mails in the future, as this will only “register” an active e-mail address and you will receive even more spam e-mails in the near future.

  5. Never use your e-mail address for competitions or similar, as this may result in you receiving spam e-mails. Set up a free e-mail address with any provider for such things, which you can then delete.

  6. Disguise your email address on your web pages, so that it is not found by search programmes and then added to spam address lists.


3. Mozilla

3.1. Thunderbird 91.x

Thunderbird wants to save large attachments on a cloud storage server on the Internet and only specify the address of the file in the email. This means that very large files can be sent by email without any problems, but you have no influence on what happens to the file on the server (duration of storage, data protection, etc.).

You can click with the right mouse button in the “title bar” (the background at the top next to the “Tab”) and select “Menu bar” to get the “old” display, in which you then click on “Tools > Settings” in the menu bar. Alternatively you can click on the icon with the three horizontal lines in the top right corner and then click on “Settings”. The following selection instructions require an open settings window. The following settings should be made:

  1. Select “General” on the left-hand side.
  • On the right-hand side, at the end of the “Read & View” section under “Define the handling of acknowledgements of receipt (MDN) in Thunderbird”, click on “Receipt notifications…” and then select “Never send a confirmation of receipt”.

  • On the right-hand side, in the “Thunderbird updates” section, “Allow Thunderbird to install updates automatically (recommended: increased security)” should be selected.

  2. Select “Compose” on the left-hand side.
  • On the right-hand side, in the “HTML options” section, under “Behaviour when sending HTML messages:” click on “Sending options…” and then, in the “Text format” section, select the action “Send messages as plain text if possible”. For “When sending messages in HTML format to recipients who cannot or do not want to receive HTML:” select the entry “Convert messages to plain text”.

  • On the right-hand side, in the “Attachments” section, the tick next to “Offer upload for files larger than xx MB” should be removed.

  3. Select “Data protection & security” on the left-hand side.
  • On the right-hand side, in the “Email content” section, the tick in front of “Allow external content in " should be missing or removed.

  • On the right-hand side, in the “Web content” section, the following settings should be made.

    • The ticks in front of “Remember visited websites and links” and “Accept cookies from websites” should be missing or removed.

    • “Send websites a “Do Not Track” message that your online activities should not be tracked” should be ticked or set.

  • On the right-hand side, in the “Passwords” section, all saved passwords can be deleted via “Saved Passwords…”. Passwords should never be saved.

  • On the right-hand side, in the section “Data collection by Thunderbird and its use”, the following settings should be made.

    • The tick in front of “Allow Thunderbird to send data on technical details and interactions to Mozilla” should be missing or removed.

    • The tick in front of “Automatically send unsent crash reports by Thunderbird” should be missing or removed.

  • On the right-hand side, in the “Security” section, the following settings should be made.

    • “Check messages for fraud attempts (phishing)” should be ticked or set.

    • “Enable antivirus software, quarantine incoming messages.” should be ticked or set.

    • “Confirm current validity of certificates by querying the OCSP server” must be ticked or set.

  4. Click again on the icon with the three horizontal lines in the top right-hand corner and then click on “Account settings”, or directly on “Account settings” at the top right of the main window. Alternatively, you can also click on “Extras > Account settings” if you have activated the menu bar.
  • On the left-hand side, select “Server settings”.

    • In the “Security and authentication” section, under “Connection security:”, the item “SSL/TLS” should be selected.

    • Under “Authentication method:”, the item “Password, normal” should be selected.

  • On the left-hand side, select “Compose & Addressing”.

    Remove the tick in front of “Compose messages in HTML format”.

  • On the left-hand side, select “Outgoing mail server (SMTP)”. Then click once on the mail server in the right-hand window and select “Edit…”.

    • Under “Connection security:” the item “STARTTLS” should be selected.

    • Under “Authentication method:”, the item “Password, normal” should be selected.


4. Microsoft

4.1. Outlook 2010 to 2013

After the settings window has been opened with “File > Options”, the following settings should be made:

  1. Select “E-mail”.
  • In the “Compose messages” section, in the line “Compose message in this format:”, select the entry “Text only”.

  • In the “History” section (further down), in the subsection “For each message that contains the request for a read receipt”, the line “Never send a read receipt” should be selected.

  2. Select “People” (“Contacts” in Outlook 2010).

In the “Online status and photos” section, the ticks in front of “Show user photos if available (…)” and in front of “Only show names in contact popup (…)” (missing in Outlook 2010) should be missing or removed.

  3. Select “Advanced”.

In the “More” section, the tick in front of “Allow sent emails to be analysed to identify people with whom you correspond frequently, … and upload this information to the Share Point standard server” should be missing or removed.

  4. Select “Security Centre > Settings for the Security Centre…” or “Trust Centre > Settings for the Trust Centre…”.
  • On the left-hand side, select “Email security”.

    • In the “Read as plain text” section, “Read standard messages in plain text format” should be ticked or set.

    • In the “Script in folders” section, “Allow script in shared folders” and “Allow script in public folders” must not be ticked.

  • On the left-hand side, select “Automatic download”.

    • “Do not download images in HTML messages or RSS elements automatically” should be ticked or set.

    • The ticks for the four items “Download …” should be missing or removed, as sender addresses can be forged.

    • “Show warning before …” should be ticked or set.

  5. In “Start”, click on the small down arrow to the right of the icon for “Junk e-mail” (last icon in the “Delete” column). In the window that opens, select “Junk e-mail options…”. In the new window, select the “Options” tab.
  • If necessary, select what should be done with spam/junk e-mail.

  • “Disable hyperlinks and other functions in phishing messages (recommended)” should be ticked or set (it is greyed out in Outlook 2013, so that no tick can be set).

  • “Warn for suspicious domain names in e-mail addresses (recommended)” should be ticked or set (it is greyed out in Outlook 2013, so that no tick can be set).


4.2 Outlook 2016, 2019 and 365

Office 2016 products are generally updated automatically via Windows Update. For Office 2019 and 365, the update must be initiated via an Office programme. For example, start Outlook 2019 or Outlook 365 and then select “File > Office account”. You should see “Updates are downloaded and installed automatically” on the right-hand side. If you click on “Update options”, you can force a check and, if necessary, an update by clicking on “Update now”.

After the settings window has been opened with “File > Options”, the following settings should be made:

  1. Select “General” (only required for Office 2019 and Office 365).
  • In the “LinkedIn functions” section (at the end on the right-hand side), the tick in front of “Activate LinkedIn functions in my Office applications” should be missing or removed.
  2. Select “Email”.
  • In the “Compose messages” section, in the line “Compose message in this format:”, select the entry “Text only”.

  • In the “History” section (further down), in the subsection “For each message that contains the request for a read receipt”, the line “Never send a read receipt” should be selected.

  • In the “Message format” section, for “When sending messages in rich text format to internal recipients”, the value “Convert to plain text format” should be selected.

  3. Select “People”.

In the “Online status and photos” section, the ticks in front of “Show user photos if available (…)” and “Only show names in the contact pop-up (…)” should be missing or removed.

  4. Select “Advanced”.

In the “Other” section, the tick in front of “Allow sent emails to be analysed to identify people with whom you correspond frequently, … and upload this information to the Share Point standard server” should be missing or removed.

  5. Select “Trust Centre” and then “Settings for the Trust Centre…” on the right.
  • On the left-hand side, select “Privacy options”.

    • **Outlook 2016:**

      • The tick in front of “Send personal information to Microsoft to help improve Office” should be missing or removed.

      • The tick in front of “Allow Office connections with Microsoft’s online services, …” should be missing or removed.

    • **Outlook 2019 and 365:** On the right, select “Privacy settings…”. The tick in front of “Enable optional connected experiences” should be missing or removed.

  • On the left-hand side, select “Email security”.

    • In the “Read as plain text” section, “Read standard messages in plain text format” and “Read digitally signed messages in plain text format” should be ticked or set.

    • In the “Script in folders” section, “Allow script in shared folders” and “Allow script in public folders” must not be ticked.

  • On the left-hand side, select “Automatic download”.

    • “Do not download images in standard HTML emails or RSS elements automatically” should be ticked or set.

    • The ticks for the four items “Downloads …” should be missing or removed, as sender addresses can be forged.

    • “Show warning before …” should be ticked or set.

    • “Do not download images in encrypted or signed HTML emails” should be ticked or set.

  • On the left-hand side, select “Macro settings”.

    • “Deactivate all macros without notification” must be selected.
  6. Select “Start” in the title bar of the window.
  • **Outlook 2016:** In the third column, click on the last entry “Junk e-mail”.

  • **Outlook 2019:** In the third column, click on the icon for “Junk email”.

  • **Outlook 365:** Click on the three dots (“More commands”) at the end of the title bar and then on the entry “Junk e-mail”.

Select the entry “Junk email options…” and then select the “Options” tab in the new window.

  • If necessary, select what should be done with spam/junk e-mail.

  • “Disable hyperlinks and other functions in phishing messages (recommended)” should be ticked or set (it may be greyed out, so that no tick can be set).

  • “Warn for suspicious domain names in e-mail addresses (recommended)” should be ticked or set (it may be greyed out, so that no tick can be set).


5. Novell GroupWise 2018 WebAccess Client

Select “Tools” from the menu bar and then select the entry “Options…”. The following settings should be made:

  1. Double-click on “Environment”.
  • Select the “Layouts” tab.

    “Default layout & font when creating” and “Default layout & font when reading” should be set to “Plain text”.

  • Select the “Standard actions” tab.

    In the sections “External HTML images:” and “HTML scripts:”, the radio button in front of “Always display warning” should be selected.

  • Select the “Design” tab.

    If necessary, tick the box next to “Show flash preview” if you want to read the message immediately.

  2. Double-click on “Send” and then select the “Mail” tab.

In the “Confirmation of receipt” section, the value “None” should be selected in the fields.


Oct 25, 2025

S/MIME