We cordially invite you to the
Information Security Awareness Days 2021!
IT Security Awareness Days
The IT Security Awareness Days are jointly organised by several German universities.
It is an online series of events with lectures on all aspects of information security. The lectures will be organised by various universities. Currently actively involved are: TU Braunschweig, TU Darmstadt, Uni Hildesheim, KU Eichstätt-Ingolstadt, Uni Göttingen/GWDG, Uni Marburg, Leuphana Universität Lüneburg, Hochschule München. The 14 lecture topics range from “Security in the Home Office” to “Social Engineering” and are mostly aimed at users without prior knowledge.
Participants from other universities are of course always welcome!
You will also find this event in Stud.IP of the TU Braunschweig as a public event:
Schedule (direct link): https://studip.tu-braunschweig.de/dispatch.php/course/dates?cid=73b65cde3bf59e1097ce4c377e53d2b6
Programme (lectures are available in German only!):
- 07.06., 10:00: Information Security in the Home Office (Arne Windeler, TU Braunschweig)
- 08.06., 10:00: Secure Handling of (Research) Data (Lukas Härter, Uni Marburg)
- 08.06., 14:00: Guided Online Tours of the Online Tools of the GITZ (Leonard-Jari Zurek, Christian Böttger, TU Braunschweig)
- 09.06., 15:00: How Do I Tell My Staff? (Rainer Gerling, Hochschule München)
  (no recording; slides not released by the author)
- 10.06., 15:00: E-mail Security / Phishing (Christian Böttger, TU Braunschweig)
- 11.06., 10:00: Backup and Restore (Susan Roesner, Uni Hildesheim)
- 14.06., 14:00: Secure Passwords (Christian Böttger, TU Braunschweig)
- 14.06., 15:00: Security in the WLAN (Steffen Klemer, GWDG)
- 15.06., 14:00: Pitfalls of Everyday Life (Bernhard Brandel, KU Eichstätt-Ingolstadt)
- 15.06., 15:00: The 11 “Golden Rules” of IT Security (Christian Böttger, TU Braunschweig)
- 16.06., 11:00: Messenger – Data Protection and IT Security (Holger Beck, Uni Göttingen/GWDG)
- 17.06., 10:00: Emotet – A Case Study for Threats (Christian Böttger, TU Braunschweig)
- 17.06., 11:00: S/MIME – Digital Signing for E-mail and Documents (Jochen Becker, TU Darmstadt)
- 18.06., 10:00: The 4×4 of the Most Common IT Security Fallacies (Christian Böttger, TU Braunschweig)
- 18.06., 11:00: Security for Windows Workstations (Susan Roesner, Uni Hildesheim)
Details of the lectures
Emotet – A case study for threats
Dr. Christian Böttger, TU Braunschweig, 17.6.2021, 10:00
The omnipresent threat of spam and phishing emails is taking on a new dimension. “Emotet” combines the spam distribution method “spear phishing” and social engineering methods with dangerous malware (Advanced Persistent Threats, APT).
After infecting a target system, Emotet is able to read the victim’s Outlook address book and spread itself further via spear phishing. Recently, it also reads the victim’s emails (Outlook harvesting) and uses the contents to create authentic-looking spear phishing emails (social engineering). It then sends itself to the saved contacts in the name of the victim via the victim’s real email address.
In addition, Emotet is able to download further malware according to the attacker’s needs and intentions, thus constantly changing itself. So far, mainly (though not exclusively) the banking Trojans “Trickbot” and “Quakbot” have been observed. These can spread on their own as a worm from an infected computer through the network, even without sending further spam mails.
Due to constant modifications, the malware is usually not initially detected by common virus protection programmes and makes profound changes to infected systems.
A single infected computer can thus infect and paralyse the entire network of an organisation. Several such incidents have already become public knowledge, for example at the University of Giessen. Environments that use centralised Windows systems are particularly at risk.
Encryption, backup, cloud: How do I protect my (research) data?
Lukas Härter, Philipps-Universität Marburg, 8.6.21, 10 – 11 a.m.
The more sensitive the data, the more important it is to protect it. As true as this statement is, comprehensive protection of (research) data presents many people with major challenges in their everyday professional lives. Often there is not enough time to deal with how data can be protected in the best possible way and it is not always easy to find information on measures that provide effective data protection. Even if there is an awareness of data protection and information security, a lack of protection can cause entire projects to falter. So it may seem obvious to simply encrypt data or, if it needs to be available at all times, to store it in the cloud. But is that really enough?
In this lecture, we will look beyond the obvious and consider that a tool can only be half the battle when it comes to protecting data. The focus is on how and with what I process my data, what I can do to protect it, and where the dangers lurk. After the lecture, there will be an opportunity for discussion.
Security in the WLAN
Stefan Klemer, GWDG, 14.06.2021, 15:00
With our mobile phones, tablets and laptops we are almost constantly ‘on’. Whenever a device is switched on, it can establish a WLAN connection almost anywhere and send data freely out into the world. This talk covers how to keep data secure even without a protective cable as the transport medium, with a special focus on what can go wrong and how to protect yourself against it.
Messenger – Data Protection and Information Security
Holger Beck, Uni Göttingen/GWDG, 16.06.2021, 11:00
WhatsApp, Signal, Telegram, Threema and other messenger services are used by billions of users. Fast and convenient exchange of messages, pictures, videos and files and usually also good accessibility of communication partners contribute to the fact that nobody wants to do without such services any more. For sceptics, there is also the pressure to join in so as not to be left behind.
In contrast to the popularity of messengers, there are questions about data protection and information security. Discussions sometimes get heated here, with many opinions not always contributing to greater clarity. The lecture is intended to review both positive and negative aspects of data protection and information security and thus help to better assess risks and opportunities and to use messengers appropriately (or even to do without them once in a while).
E-mail Security / Phishing
Dr. Christian Böttger, TU Braunschweig, 10.6.2021, 14:00
- E-mail dangers through phishing: Overview and what is it?
- Different approaches of the attackers
- Possible targets of the attackers
- Different types of attacks and their effects
- Protective measures: what can you do about it?
- With real examples
- Sources of further information
Secure Passwords
Dr. Christian Böttger, TU Braunschweig, 14.6.2021, 14:00
- Why passwords?
- How do I choose a secure password?
- How do I store passwords?
Guided Online Tours of the Online Tools of the GITZ
Leonard-Jari Zurek, Christian Böttger, TU Braunschweig, 8.6., 14:00
We will introduce you to the various online services of the GITZ and show you where to find further information on information security.
The 11 golden rules of IT security
Christian Böttger, TU Braunschweig, 15.6., 15:00
We will show you which 11 (simple) points you should consider in order to achieve a basic level of information security at your workplace and at home.
The 4×4 of the most common IT security fallacies
Christian Böttger, TU Braunschweig, 18.6., 10:00
Based on a list by the German Federal Office for Information Security (BSI), today we will discuss the four most important misconceptions about information security in the areas of “surfing the Internet”, “e-mail (in)security”, “mobile devices” and “computer / PC security”.