|
|
|
|
|
|
|
|
Dear Readers,
Digitalisation simplifies and accelerates our working lives in many ways. However, it also leads to an increasing networking of systems and technical complexity. This increases both the dependencies on these environments and their vulnerability.
This year, two innovations by IT Services will make decisive contributions to securing our systems, significantly supporting the digitalisation of ETH Zurich. First, we are introducing multi-factor authentication for a growing number of applications, and secondly, we will increasingly check the computers in our network to see how up-to-date their operating systems and protection software are.
Another method of digitalisation and digital security is through the Google Workspace service (formerly G-Suite) of ITS. Many ETH members have been using this tool for some time. Now our users can also use this collaboration platform securely, just like Microsoft Teams and Zoom. We leave it up to users to decide which of these platforms is the right one for each individual group.
Read more about these topics in inside|out.
Warm regards,
Dr Rui Brandao
 |
|
|
|
|
|
|
|
|
|
|
|
| David Schärer, Stephen Sheridan and Anatoliy Holinger (left to right) are on the lookout for vulnerabilities before others get to them first. |
Are we aware of our critical IT vulnerabilities? |
Are we assessing the resulting risk correctly? Do we know what measures are most effective and efficient in reducing the risk? IT SeC at ITS would like to offer its assistance with the new System Health vulnerability management service. This service examines end devices for known vulnerabilities and faulty security configurations. It assesses the end devices with regard to their vulnerability and offers the network zone and system managers information on how to deal with these vulnerabilities efficiently and effectively.
We encounter vulnerabilities everywhere: at home, in our cars, in other people and of course in the software on our computers. Vulnerabilities on computers are the gateway for cybercriminals and amateur hackers. Anyone who finds them can exploit them and cause considerable damage. Newly discovered vulnerabilities (zero-day exploits) for which there are no patches yet are often taken advantage of. Just as popular and equally exploited, however, are vulnerabilities that have been known for weeks, months or even years but have never been fixed. Combined attacks are not uncommon. Attackers gain access to systems through a zero-day vulnerability in order to then cause heavy damage by exploiting known, unfixed vulnerabilities.
Individual vulnerabilities and risks can usually be remedied relatively easily through patches (bug fixes, updates) and through the implementation of best practices and existing guidelines. Due to an almost unmanageable amount of software, vulnerabilities, measures and information and due to distributed responsibilities, vulnerability-free systems are difficult to achieve in reality. It is a challenge to correctly assess the resulting risk and identify those measures that best help to reduce it.
This is where the new System Health service of IT SeC at IT Services comes in. System Health continuously identifies and analyses existing vulnerabilities and the compliance of IT devices owned by ETH Zurich. With the help of security information, the greatest risks and the most efficient and effective measures per network zone or desired organisational unit are identified. Individualised as a report or directly by accessing an interactive dashboard for authorised users.
Find out more about the new service and talk to IT SeC. More information on the System Health WIKI page (login).
Stephen Sheridan, Service Owner of System Health, IT Security Centre (IT SeC)
Marc Schleusener, Project Manager of System Health |
|
|
|
|
|
|
| Welcome Miroslav Kobas |
| The Customer Experience and Solutions (ITS CxS) division is responsible for user support and IT workplace management in the research departments, central administrative units and at ETH-affiliated units. A hearty welcome to Miroslav, as new Division Head CxS for IT Services at ETH Zurich! |
|
|
|
|
|
|
|
|
|
|
| Potential attackers scam their way into sensitive company data and gain access to systems: solution on the ITS Blog. |
Who stole the login data? |
Almost every day we read about identity theft online, hacked login data and cyberattacks. Potential attackers scam their way into sensitive company data or gain access to systems in order to demand a ransom for the decryption or release of the data they have hijacked.
You're just in time: it has just been reported that four bad guys are trying to gain unauthorised access to ETH accounts. But cybercriminals don't do this by showing up in person, as shown in the picture. They do it mainly through phishing attacks. In this case, the user is asked to click on a link or a file under false pretences and is tricked into entering their username and password on a deceptively real-looking website which forwards the data straight to the scammers. Nowadays, such attacks are sometimes so sophisticated that even people with good technical skills fall for them.
Alternatively, cybercriminals could also buy login data on the darknet, install malware that reads passwords or steal the data indirectly. Since many people use the same passwords for both private and business purposes, in such a scenario, the affected persons’ logins would also work for their ETH accounts.
With the introduction of multi-factor authentication, ETH Zurich is significantly increasing security in central web applications. The second factor makes it more difficult for cybercriminals to access data. This second factor is generated by an authenticator app on the user's smartphone and is then entered on the login screen. Users are prompted to repeat this step at regular intervals.
Getting back to our case: search the ITS Blog for the matching picture as the solution to our crime scene and send us the solution via email. We're raffling off three YubiKeys, which you can also use as an MFA solution, to those who provide the correct answer.
Anja Harder, Chief IT Security Officer for IT Services (CITSO), ITS Head Office
Urs Spätig, Project Manager of MFA-SSO |
|
|
|
|
|
|
| New: Integration pre-vocational training at the IT Training Lab |
| From August 2022, the ETH Zurich will be one of the first organisations in Switzerland to offer integration pre-vocational training for IT experts at its IT Training Lab. |
|
|
|
|
|
|
|
|
|
|
| "Head in the clouds, feet on the ground": the Cloud Service Centre with Aires Marques, Apon Dunkl, Fabio Consani and Roger Schlumpf (left to right) |
Google Workspace now available |
With Google Workspace, ITS is providing another cloud collaboration solution. This is a welcome addition, especially for research and teaching, where Google Cloud Platform (GCP) and its computing solutions are widely used. The Cloud Service Centre is responsible for the two Google Cloud services and is making them available to members of ETH Zurich in a secure, legally unobjectionable and cost-efficient manner.
Google Workspace (formerly G-Suite) is a comprehensive enterprise platform for collaboration and communication. It essentially consists of cloud storage (G-Drive) and bundles the cloud applications (apps) that are based on it. Office automation tools and other applications allow teams to access data, digital diaries and project plans across distances and to coordinate tasks. Sharing features and real-time synchronisation make it possible to work on documents collaboratively. Google Workspace covers a wide range of options for collaboration with ETH staff, students, other universities and other external partners.
In addition to Workspace, ETH members can also obtain computing resources via GCP. GCP offers the option to use cloud-based services such as virtual machines, cluster systems, data storage and much more, as well as frameworks for data analysis, artificial intelligence and machine learning. By using GCP, costly investments and expansion of your own infrastructure and its operation can be avoided. Resources can also be managed directly, and the latest technologies can be used without expensive acquisition costs or long implementation times, simply with a Workspace account.
Do you have any questions about Google Workspace or the Google Cloud Platform? The Cloud Service Centre will be happy to answer them. Or are you interested in learning more about the cloud, tools and the Cloud Service Centre? Then visit our new CSC blog.
Fabio Consani, Head of the Cloud Service Centre (ITS CCR)
Urs Spätig, Project Manager of the Cloud Service Centre (ITS CCR) |
|
|
|
|
|
|
| Giorgio Broggi’s retirement & anniversary |
| We wish Giorgio Broggi all the best for his retirement! His anniversary retrospect is also a journey through time into ETH Zurich’s IT past. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Reset the password yourself |
Your holiday was really relaxing. On Monday morning at 7:00 a.m. you ask yourself, “What was my ETH password again?"
You can reset your passwords yourself if you have stored the authentication data. You can find more information about storing authentication data and ETH passwords in the IT Knowledge Base. It also has video instructions. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| New: Additional "Women only" |
| In addition to the mixed groups, an "IT taster course for female pupils" is now also available, which is very popular. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Update communication data |
| Please check your personal communication data and telephone numbers. The systems of the ETH offices (switchboard, alarm centre/emergency alarm, softphone telephone book, etc.) can only dial the numbers directly if they are stored in the correct format. |
|
|
|
|
|
