【資安/Security】請謹慎使用外接式儲存裝置及使用合法合規軟體,避免造成資安事件。Please use external storage devices with caution and use legal and compliant software to avoid causing cybersecurity incidents.

近來校外及校內部份同學實驗室發生,因使用他人之外接式儲存裝置(USB隨身碟)導致電腦遭植入木馬程式的事件,發生電腦內的檔案被加密、外傳、刪除等狀況,下列幾點注意事項,提醒大家請依資安規範,使用電腦:

1.定期備份(建議至少每周一次,最長不超過一個月)自己電腦及筆電的資料,到外接式儲存裝置(USB隨身碟、外接式硬碟、NAS、雲端空間);備份資料至雲端空間時,機敏性資料請務必加密處理後,再行上傳,降低資料發生外洩風險。

2.外接式儲存裝置(USB隨身碟、外接式硬碟)不與他人共用,自己的電腦不使用他人的外接式儲存裝置;自己的外接式儲存裝置也不借予他人使用。若有未知的外接式儲存裝置,可至電子計算機中心之電腦教室進行格式化處理後,再行使用。

3.若有資料或檔案需要傳遞或共享時,請盡量使用email、line、雲端空間、NAS進行;傳遞或共享機敏性資料時,請務必加密,再以第二管道通知接收者開啟密碼

4.本校授權軟體使用僅限教職員工使用之公務電腦,教職員工私人購置電腦或筆電切勿安裝及使用。(在校學生可將本校授權軟體安裝於私人的電腦或筆電)。

5.請使用合法合規軟體,遵守智慧財產權相關法規,勿於公務電腦(資通訊設備)上,安裝或使用不合法之軟體。(請老師及同學特別注意,每個IP都有管理人及使用人,若該IP的電腦(資通訊設備)遭通報軟體侵權或資安事件,管理人及使用人需負相關法律責任。)

6.目前許多軟體都有自動更新或回傳機制(包括破解版的軟體),會紀錄使用的IP、日期時間等相關資訊做為法律證據,故請大家切勿安裝或使用不合法的軟體。

7.若有承接他人(同事、同學、學長姐等)移交之電腦、筆電、伺服器,請於備份重要資料後,務必將所有磁碟機格式化後重新安裝作業系統。

8.同學、老師、職員、其他人之私人電腦、筆電、手機、平板等資通訊設備,以學校網路(有線及無線)及IP連接網際網路,若使用非法軟體被紀錄進而遭查獲、檢舉,法律責任將由個人自行承擔負責。

9.若至校外網站下載免費軟體、教育版軟體等軟體時,請務必至該軟體官網進行下載,千萬注意不要隨意點選搜尋到的網站就下載安裝及使用;有許多的詐騙網站,會製作包含有毒、後門程式、木馬程式的工具包,讓使用者下載,造成資安事件及風險。

若有資安相關問題,請洽電子計算機中心:
游順發組長 6209 rogeryu@mail.ntust.edu.tw
張云蘋   6929 applechang@mail.ntust.edu.tw

【Security】Please use external storage devices with caution and use legal and compliant software to avoid causing cybersecurity incidents.

Hello Everyone:
Recently, some student labs, both on and off campus, have experienced incidents where computers were infected with malware after using other people's external storage devices (USB flash drives). This resulted in files being encrypted, transferred, or deleted. The following points remind everyone to use computers in accordance with cybersecurity regulations:

1. Regularly back up (at least weekly, but no more than once a month) your computer and laptop data to external storage devices (USB flash drives, external hard drives, NAS, cloud storage). When backing up data to the cloud, please encrypt sensitive data before uploading to reduce the risk of data leakage.

2. Do not share external storage devices (USB flash drives, external hard drives) with others. Do not use other people's external storage devices on your computer; do not lend your external storage devices to others. If you have an unknown external storage device, you can go to the computer lab at the computer center to format it before using it.

3. When transferring or sharing data or files, please use email, Line, cloud storage, or NAS whenever possible. When transferring or sharing sensitive data, please encrypt it and then notify the recipient to unlock the password through a secondary channel.

4. Authorized software is only permitted for use on official computers owned by faculty and staff. Faculty and staff should not install or use it on their personal computers or laptops. (Students may install authorized software on their personal computers or laptops.)

5. Please use legal and compliant software, and comply with intellectual property laws. Do not install or use illegal software on official computers (ICT equipment). (Teachers and students should note that each IP address has an administrator and user. If a computer (ICT equipment) on that IP address is reported for software infringement or a cybersecurity incident, the administrator and user will be held legally responsible.)

6. Many software programs (including cracked versions) have automatic update or data upload mechanisms that record the IP address used, date, and time as legal evidence. Therefore, please do not install or use illegal software.

7. If you receive a computer, laptop, or server from someone else (colleague, classmate, senior student, etc.), please back up important data and then format all disks and reinstall the operating system.

8. If classmates, teachers, staff, or others use their personal computers, laptops, mobile phones, tablets, or other ICT devices connected to the internet via the school network (wired and wireless) and IP addresses, and are subsequently caught using illegal software, they will be solely responsible for any legal consequences.

9. When downloading free software or educational software from off-campus websites, please always download it from the official website of the software provider. Do not randomly download, install, or use software from search results; many fraudulent websites create toolkits containing malware, backdoors, or Trojans, which can lead to cybersecurity incidents and risks.

For more question about information security, please directly consult with Computer Center, at rogeryu@mail.ntust.edu.tw or applechang@mail.ntust.edu.tw

發佈單位: 電子計算機中心
寄送群組: muser-xx-xxxx, stud-xxxx-x
寄送對象: 全校教職員工生