Home Office - working secure
Translated with DeepL.com
Checklist for end-user device configuration
When working in a home office, comparable situations must be created as when working at an office workplace at KIT. The security measures listed here protect you from misuse of your IT workstation and the data you process. The measures also help to secure your home network. How a Windows end-user device should be installed is described in the checklist Standard end-user Device Setup.
Operating system up-to-date and security updates automated?
- Patch management: The workstations are regularly supplied with patches and updates of the operating system and application software(WSUS, OPSI, etc.).
- Check update status under Windows 10: Start menu - Settings - Update and Security.
- Activate client firewall.
Virus scanner set up and up-to-date?
- Protection against malware: The devices have adequate virus protection that also provides protection against malware.
- Virus protection at KIT
This IT service provides KIT employees with centrally managed and daily updated virus protection for notebooks, desktop PCs, and servers.
Hard disk encryption set up?
- Data encryption (cryptography): Data on mobile devices should be encrypted. This applies to active devices such as notebooks, smartphones, tablets as well as to mobile data carriers such as USB sticks or mobile hard disks.
- Hard disk encryption at KIT
Remote access via virtual private network (VPN) set up?
- VPN provides protection against attacks on communication or via communication interfaces:
- Network security: Access to the KIT data network takes place via the VPN access provided for mobile work or work in the home office.
Home directory, OU filing Remote desktop set up and accessible?
- Data sparing on workstations: data is kept on the central data storage of the OU. Data is accessed via designated VPN access. If possible, data is not stored locally.
- KIT data storage(OU directory)
This service provides a KIT organizational unit (OU) with a highly available and central data repository.
- The personal directory ( \sccfs-home.scc.kit.edu\home ) is a highly available, central data storage for personal data and documents. The repository is available to all KIT employees, but cannot be shared with other users.
- Microsoft Remote Desktop Services(RDS)
Provision of server-based Windows desktops with standard software installed for KIT employees.
Individually required applications installed and configured?
- Provision of the individually required working environment. In case of doubt, consult with the IT representative of the OU.
- Keep applications up to date.
Communication applications installed (MS Teams, ZOOM, BigBlueButton, Rainbow)?
Install Google Chrome or MS Edge as the browser for BigBlueButton and Jitsi respectively.
- Rainbow is a telephony software (app or browser application), with which different end devices can be used to make phone calls The office phone, for example, does not have to be forwarded to the private landline number.
E-mail certificate available and installed?
- The SCC provides certificates for secure communication on the Internet. User certificates are required for e-mail signature and encryption.
Automatic screen lock active, if necessary provide for view protection, no disclosure to third parties!
- Set up a screen lock under Windows 10:
Start menu - Settings - Personalization - Lock screen - Screen saver settings.
- Note: Unsupervised sharing and use of the device with/by third parties is not permitted - even temporarily.
Checklist introduction terminal use
This checklist contains important information to ensure that users can operate all components and applications correctly and safely.
Service agreement, guidelines, information paper for mobile work
- On the intranet under A-Z - Service agreement for telework and mobile work at the Karlsruhe Institute of Technology (KIT)
Token for two-factor authentication (2FA token) available and set up?
- Various services at KIT have increased IT security requirements that go beyond a simple login with user name and password, i.e., they require a second factor. These include in particular the SAP applications (e.g. ESS/MSS for time recording) and the campus management system, but also various VPN accesses. Two-factor authentication at KIT.
Security in the home network
- Install updates for the DSL/cable router à Follow the operating instructions for the home router.
- Change default password of router, if possible more than 12 characters
Password guidelines at KIT
- Separate WLAN access used for business purposes from non-business use of WLAN access - Set up WLAN guest access for homeschooling, friends, acquaintances, "gamer computers", etc.
Information securityawareness materials
- Leaflets, handouts or posters on practical tips IT security, recognizing fraudulent messages and mandatory reporting of IT security incidents
- Explainer videos
- Online training NoPhish
Tips for healthy working in the home office
- Healthy working in the home office (MED)
- Checklists of the German Social Accident Insurance (DGUV):
CHECK-UP Homeoffice - short version
CHECK-UP Homeoffice - Long version
- "Support for body, mind and soul" (MED)
Help and Support
If you have any questions, please contact your IT representative in the organizational unit or the SCC service desk.
Download this checklist as PDF.