You are here: Home News & Alerts News Priority goal of RZ 2023: IT …

Priority goal of RZ 2023: IT security

Irrespective of the search for a new head of the computer centre, which is currently underway, major activities will take place in the area of large IT projects, such as IDM, FIS, web presence and FDM. A central concern is the step-by-step measures to improve IT security. Activities on various levels, such as network segmentation, introduction of a DMZ or two-factor authentication are currently being tackled.

 

The goals and visions of the data centre for the year 2023 / Ziele und Visionen des Rechenzentrums für das Jahr 2023  are formulated in the training ILIAS.

In addition to the further development of the basic infrastructures (server rooms and response to the energy crisis, storage and virtualisation) and the reorganisation of the financing of the large IT infrastructures, these include topics such as the central helpdesk and the projects for the new IDM (discussion thread) / Diskussions-Thread

and FIS (including this thread) / dieser Thread,

including the work to support the university's new website. Furthermore, it is about the further development of the service portfolio and the intensified search for new ways to offer services together with other institutions for the campus  (NextCloudOFORK). 

All links point to the Admin Forum in the continuing education ILIAS, a platform for the exchange of information between IT officers and for information from the RZ about ongoing developments. This is accessible to all members of the university with their ID.

Even though the University of Freiburg has so far been spared from recent targeted attacks on university types of all kinds, this topic needs significantly more attention and prevention. Measures need to be taken on the part of the computer centre as well as activities on campus in cooperation with information security.

The successful ISO 27001 certification, / erfolgreiche ISO-27001 Zertifizierung  for which a renewal of the certificate and extension of the scope to at least Machine Hall III in KG 2 is due in the third quarter, provides a good guideline for structuring the measures. It is important to note that IT security not only takes into account the protection of data but also the availability of services. Therefore, the RZ will strengthen the measures in the following areas (also in coordination with the ISB):

  • Backup and disaster recovery: review of previous backup strategies, considerations for restarting after a (successful) attack, prioritisation and dependencies of central services.
  • Creation of (geo-)redundancy for central services on campus (incl. basics in the area of network and virtualisation)
  • Introduction of 2-factor authentication for critical systems
  • Establishment of a DMZ for the secure operation of externally accessible services and general considerations for the security architecture in the network area.
  • For this purpose, advancing network segmentation, concepts for secure remote access (VPN, SSH, ...), relocation of 10 networks, securing 132,230 ...
  • Creating an emergency strategy in case of successful attacks (external/static website, ...)
  • Considerations for securing services, such as central entry proxies for services, secure login/file transfer service
  • (Central) logging of the various services with common views
  • IT inventory (use of NetBox)
  • Renewal of the aging central UPS (bridging before the emergency diesel kicks in) for location A (RZ).


This then also affects access to certain functions/areas of services, e.g. in the CMS.