IT Security
The Centre for Information and Media Technology Services (ZIM) ensures IT security at Paderborn University and supports all institutions in the responsible handling of digital information. The aim is to ensure the availability, integrity and confidentiality of the university's IT systems and data.
To this end, ZIM operates central security infrastructures such as firewalls, certification instances and system monitoring, coordinates security updates and patches and provides support in analysing and handling security incidents.
Identity management and group and rights management are also among the central tasks of IT security, as they form the basis for reliable authentication and regulated access to services and data.
In addition, ZIM provides information on current threats such as phishing emails and ensures secure registration and access procedures to external scientific resources via the DFN-AAI Federation.
Network security
In order to realise appropriate network security, several coordinated security measures must generally be used. Protection against unwanted access to the university network from the "outside world", as well as the regulation of data traffic with the "outside world", is implemented on the central firewall. ZIM offers firewalls based on filter rules on the routers to protect individual subnets within the university.
Authentication (LDAP/AD, DFN-AAI)
What is authentication?
Authentication is the process of certifying the authenticity of something or the identity of a person, e.g. a user in the IT sector. In Computer Science, the word authentication is often used both for the process of authorisation verification and for the result of this verification.
How is authentication used by ZIM?
At Paderborn University, you can usually log in to web applications with your central university account.
Authentication as a server application
The server application Authentication is designed for areas (e.g. faculties, institutes, chairs, facilities, committees, university groups) of Paderborn University and enables them to secure access to their own applications. Users benefit from the fact that they can authenticate themselves to applications of decentralised areas via their university account.
Authentication requires that the departments' applications are operated securely and support LDAP or Kerberos. Further requirements must be clarified on a case-by-case basis.
DFN-AAI Federation
The DFN-AAI Federation is a service for scientific institutions (universities, research institutes) and providers of scientific information and content (e.g. publishers). DFN stands for: Verein zur Förderung eines Deutschen Forschungsnetzes / DFN-Verein and AAI for its authentication and authorisation infrastructure. DFN-Verein regulates the cooperation of all partners in the DFN-AAI Federation via binding legal and technical standards in order to exchange user information and associated access authorisations and thus enable secure external access to internal campus applications and services. These include, for example, e-science and e-learning systems, administrative systems, licensed electronic information media from the library or GRID computing.
The DFN-AAI uses the "Shibboleth" software package for technical implementation. Shibboleth was developed by the US Internet2 initiative and is based on the common international standards HTTP, XML, XML Schema (XSD), XML Signature (XMLDSig), SOAP and SAML2. Shibboleth essentially consists of two software components, one designed for the content and service provider side (the service provider) and the other for the scientific institution side (the identity provider). The use of Shibboleth enables, for example, remote or location-independent access to electronic information media from scientific publishers that are licensed by the library.
DFN-AAI is used by Paderborn University for the following services, among others:
Notes on DFN-AAI registration
- Your Uni-Account is the account that you also use for registration for services such as PAUL, PANDA, the service portal and webmail.
- When using a service provider for the first time, the personal data transmitted to the provider will be displayed in detail. You can then decide not to use the service. In this case, no data will be transmitted.
- You can display this detailed view of the personal data again by selecting the "Reset my attribute authorisations" field at the top.
- Cookies must be enabled in your browser for registration to work.
- To end the session, please close your web browser. This is the only way to ensure that you are logged out of all applications.
- Due to the technical characteristics of DFN-AAI registration, it is not possible to bookmark this page. However, you can bookmark the page from which you accessed this login page.
- Here you can find further information about DFN-AAI (Shibboleth).
If you have any questions or problems, please contact the ZIM user advisory service in person or by e-mail.
Certification body
The Certification Authority (CA) of Paderborn University offers users
- the SSL server certificates of the DFN and the CA of Paderborn University for download and installation, so that your browser can identify appropriately certified servers and establish an encrypted connection to them,
- the issuing of SSL user certificates for encrypting and signing e-mails and as proof of identity to web servers which - instead of a user name and password - require an SSL user certificate from you before the encrypted transmission of non-publicly accessible WWW pages,
- as well as the issuing of PGP certificates for encrypting and signing e-mails.
The Certification Authority (CA) of Paderborn University offers administrators of Paderborn University institutions
- SSL certification of servers.
E-mail certificates
The Certification Authority (CA) of Paderborn University offers users the issuance of both SSL user certificates and PGP certificates for encrypting and signing emails. With an e-mail certificate from Paderborn University's CA, you can add an electronic signature to your e-mail. This signature guarantees the recipient of your e-mail the following properties:
- The e-mail was actually written by you and not by another person on your behalf, because only you are in possession of the private key belonging to the signature.
- The signatory is a member (employee or student) of Paderborn University.
- The content of the transmitted e-mail has not been changed on its way to the recipient.
Please note that these points are in no way guaranteed when sending a "normal", unsigned e-mail. Although an e-mail contains the name and address of the sender, the sender can change these details in their e-mail programme as they wish and thus manipulate them.
Server certificates
The server application Serverzertifikate is designed for areas (faculties, institutes, chairs, facilities, committees, university groups) of Paderborn University and includes the issuing and administration of certificates for establishing encrypted connections (SSL, TLS) to servers of decentralised areas. The certification authority is operated by the Verein zur Förderung eines Deutschen Forschungsnetzes e.V. (DFN); registration takes place via the ZIM.
System monitoring (Icinga)
ZIM monitors its services with Icinga, a descendant of the open source software Nagios.
Updates and patches
ZIM mirrors updates and patches of commercial software on its servers so that they can be downloaded more quickly within the university and the load on the university's internet connection is reduced. These are in particular:
- Windows Updates: ZIM operates a WSUS (=Windows Server Update Services) server at wsus.upb.de, which mirrors Windows, Office, Microsoft Essentials patches and updates. The server can be used by all computers in the university's internal network. Service packs, feature updates and drivers are not supported for security reasons. You must download these yourself from Microsoft Windows Updates.
Maintenance
Information on the status of our services can be found at http://statusmeldungen.uni-paderborn.de.
Phishing e-mails
Unfortunately, e-mail addresses from the university namespace are repeatedly misused to send spam and phishing e-mails. Please be suspicious if you receive an e-mail that you cannot attribute to any context.
We provide tips on recognising phishing messages and examples on our help pages.
If you have clearly identified a message as spam or a phishing message and would like to participate in combating its distribution, you can send the e-mail to the software manufacturer of our anti-spam software, Sophos. Please follow the instructions provided by Sophos: https://support.sophos.com/support/s/article/KB-000033422.