Security Measures
Security Measures
The background to the new measures in mail traffic at TU Dortmund University is the increasing frequency of IT security incidents at universities and research institutions. This is linked to the fact that an email is still one of the most popular ways for malware to spread and serves as a gateway for infections of entire networks.
Particularly critical are active contents and executable files in e-mails, which can contain malicious code that is executed when the document or a web link is opened. Therefore, we now point out such suspicious emails separately. This reduces the risk of hastily opening a potentially infected attachment in an inattentive moment. Recipients of such warnings are strongly advised to follow up the message and contact the sender in order to verify the actual sender on the one hand and the content of the attachment on the other. Only then should the attached document be opened or the web link followed.
All incoming mails for Unimail, Exchange, mail servers and faculty servers via the Ironport mail relays at TU Dortmund University are checked for potentially dangerous content.
In the case of executable programs or active content in PDFs and Office documents, the original mail is forwarded as an attachment to a warning mail with a modified subject ([WARNING: EXECUTABLE] or [WARNING: ACTIVECONTENT]). Mails with potentially malicious URLs are marked in the subject ([WARNING: BADURL]) and the URLs are deactivated (the links can be restored manually).
The original mail from the attachment should be able to be opened with mail programmes such as Mozilla Thunderbird or Microsoft Outlook. For mailboxes on Unimail, Postserver or TU Exchange, opening via the corresponding webmailers (Squirrelmail, Outlook Web Access) is possible as an alternative.
Example of a warning mail:
Von: IronPort Notification <service.itmc@tu-dortmund.de>
Betreff: [WARNING: EXECUTABLE] Test mit Anhang
An: XXXXXX@unimail.uni-dortmund.de
Sie haben eine Mail mit einem potentiell gefährlichen Anhang erhalten:
Von: XXXXXX@web.de
Betreff: Test mit Anhang Anhänge: program.exe
Sender: mout.web.de (212.227.15.4 / 3.5)
Die Originalmail ist dieser Mail angehängt.
Achten Sie auf Dateiendungen und Absender-Adressen. Öffnen Sie nach
Möglichkeit keine unbekannten oder unerwarteten Dateianhänge. Sollte die
E-Mail von einer bekannten Person stammen, erkundigen Sie sich vor dem
Öffnen, am besten auf einem anderen Weg, ob die E-Mail tatsächlich von
dieser Person verschickt wurde.
Weitere Informationen finden Sie im Service-Portal der TU Dortmund unter
dem Stichwort "Sicherheitsmaßnahmen". In Zweifelsfällen wenden Sie sich
bitte unter service.itmc@tu-dortmund.de an den Service Desk des ITMC
oder unter info.sic@tu-dortmund.de an das sic.
sic, das Sicherheits-Informations-Centrum der TU Dortmund