Information Security Guideline for the Hessian State Administration
The Information Security Guideline for the Hessian State Administration, to which the Terms of Use for IT Systems of the Technical University of Darmstadt refer, can be found in the Staatsanzeiger für das Land Hessen, Ausgabe 47/2021, Punkt 1082. [Source: Staatsanzeiger für das Land Hessen]
Hessian IT Security Act – HITSiG (Hessisches IT-Sicherheitsgesetz)
The Hessian law for the protection of electronic administration of June 29, 2023 is available for download here: HITSiG (German only)
The Hessian IT Security Act creates a legal basis for the Hessen CyberCompetenceCenter (Hessen3C), founded in 2019, which is required to effectively protect the information technology of the administration against cyber attacks. At the same time, the law, with its obligations that also apply to universities (especially §§ 8-11), provides a legal basis for the central information security measures at the TU Darmstadt.
The Guideline for Information Security at the TU Darmstadt was adopted on October 15, 2020. It forms a binding basis for all organizational units for the IT Security process at the TU Darmstadt and the organizational structure required for it.
The Guideline for Information Security of the TU Darmstadt defines tasks and responsibilities in order to achieve confidentiality as well as integrity and availability of data and IT Systems – taking into account data protection law and other legal requirements.
The guideline is a first milestone in a continuous IT Security process for the TU Darmstadt. Further concrete steps and measures will follow.
The Terms of Use for IT Systems of the Technical University of Darmstadt were approved by the Executive Board on October 01, 2019 and published in the Satzungsbeilage 2019-V of December 19, 2019.
- The complete Satzungsbeilage (original German version) can be found at Dezernat II under the menu item “Hochschul- und Universitätsrecht” > “Satzungsbeilagen”, Page 12.
- You can download an excerpt of the 2019-V Satzungsbeilage, pp. 12-23, translated into English here.
Publication: December 2021
The aim of this policy is to ensure a sufficient level of security for the use of user name/password procedures. The necessary basic regulations and instructions for users and system operators are listed in the policy.
E-mail services at the TU Darmstadt run in accordance with current security standards. In order to comply with these, rules are required (resolution of 25.09.2007), which are specified via implementation regulations:
All incoming and outgoing e-mails are routed through the central e-mail server of the HRZ.
Access from outside to the SMTP port of the TU Darmstadt is only possible for explicitly registered mail servers.
The computers of the TU Darmstadt are therefore largely protected against
- incoming/outgoing virus-laden e-mails and
- incoming spam (marking).
The Internet is protected against
- virus-laden computers of the TU Darmstadt.
In accordance with the IT user regulations, the aforementioned security measures do not release users from their responsibility to take a critical look at e-mail attachments before opening them.
Blocking old Office formats, macros, executable files
Since viruses can easily be introduced via old Office formats and the macros they contain, it has no longer been possible to receive e-mails containing such documents since the beginning of 2020. The affected formats are .doc, .docm, .dot, .dotm, .pot, .potm, .ppa, .pps, .ppt, .pptm, .html, .htm, .xll, .xlm, .xls, .xlsb, .xlsm, .xlt, .xltm, .xlw as well as .exe.
For details see news of the HRZ from 30.03.2020 and 14.01.2020.
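As an added illustration (not the HRZ's own filter, whose implementation this page does not describe), the following sketch shows how a mail administrator could check a message against the extension list above. The function names `blocked_attachments` and `build_sample` and the sample message are constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions this page lists as blocked since the beginning of 2020.
BLOCKED = frozenset("""
.doc .docm .dot .dotm .pot .potm .ppa .pps .ppt .pptm .html .htm
.xll .xlm .xls .xlsb .xlsm .xlt .xltm .xlw .exe
""".split())


def blocked_attachments(raw: bytes) -> list[str]:
    """Return the filenames of all MIME parts whose final extension is blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also reaches nested multipart containers
        name = part.get_filename()  # decodes RFC 2231 encoded names
        if not name:
            continue  # body parts without a filename are not attachments here
        # Compare case-insensitively; Windows drops trailing dots and spaces
        # from file names, so strip them before taking the last extension.
        ext = PurePosixPath(name.strip().rstrip(". ").lower()).suffix
        if ext in BLOCKED:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed test message (hypothetical names, placeholder content)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    # .docx is a current format and passes; the other two names are on the
    # list despite upper case, a double extension and a non-ASCII name.
    for fname in ("report.docx", "Invoice.PDF.XLSM", "Übersicht.xls"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

A check on the file name alone does not inspect content, which is why the responsibility of users to look critically at attachments, stated above, still applies.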
The HRZ offers university-wide access to the WLAN eduroam. If you operate your own WLAN at your institute or institution, please note the following:
For the operation of a wireless LAN alongside the infrastructure of the university data center, boundary conditions must be met for smooth operation and trouble-free coexistence.
The following boundary conditions apply to the operation of the WLAN infrastructure:
- No free network access (access only with authentication).
- Authentication is based on the user ID and not on hardware or IP addresses.
- Data traffic is encrypted (tap-proof). No clear text passwords are allowed to pass over the network.
- The technology supports a maximum of 3 overlapping WLAN cells next to each other (frequency range coverage).
- The “User Regulations for IT Systems of the Technical University of Darmstadt” apply (e.g. the prohibition of passing on the user ID also applies here).
- Individual institutes/departments of the TU Darmstadt are allowed to operate their own gateways that can be accessed via the WLAN.
- The university computer center offers the centrally operated WLAN eduroam throughout the university. Existing institute gateways can then be included in this.
- In case of conflict, the central WLAN operated by the HRZ has priority over an institute WLAN.
- The WLAN must also be a separate, closed subnet in institutes.
- No servers may be operated in the WLAN (except for the gateway).
- Connection data (IP, user ID, time) are generally logged. Institutes that operate a corresponding gateway are also required to take appropriate measures.
- In the 2.4 GHz range, only channels 1, 6 and 11 may be used.
- No channel bundling may be used in the 2.4 GHz range.
- No decentralized WLANs may be operated in the 2.4 GHz range in the reception area around lecture halls.
- It is recommended to deactivate old coding methods, especially 802.11b.