Since the summer of 2008 there are offline devices for the access system. This devices can be operated with each FHGR-Card.

The system includes the following components:

1. Cylinder lock
2. FHGR-Card
3. Update-Terminal / Validating devices

Offline-System

The system works without a physical connection between the cylinder lock and the access system.

Each FHGR-Card contains two data records for the access:

1. Rights
2. Timestamp

All the rights for a FHGR-Card are stored on the card. For a change of these rights it is necessary to update the card on an update terminal.

For security reasons the rights are only valid for a limited timeperiod which is stored on the timestamp. Actually this timeperiod is set to 7 days. After this period the rights are useless and the card shoud be updatet on a terminal. The timestamp can be updated at an update terminal or at a special configured online reader.

The FH Graubünden has implemented an access system, which works with the FHGR-Cards.

Online-Systems

The online devices are connected to the system and query the access permition in realtime. An access which is connected to the system has to be connected to the network and to the current. Entrees to the offices as well as to leased rooms are equipped with offline systems.

Following doors are connected to the online access system:

- All main entrances (incl. entrances Zurich)

- Car park entrance, Pulvermühlestrasse 57

- Elevators, Pulvermühlestrasse 57

The notebook-shelves for the students are online too.

To set up an Exchange account the following settings are required:

1. Open settings/accounts and backup/manage accounts and select "Add account".
2. Select "Microsoft Exchange ActiveSync"
3. Fill in your emailaddress and your password, select "manual setup" and fill in the information like on the picture below.
   The user name and the password can be taken from the FHGR account sheet.
   Important: At "Use secure connection (SSL)" must be a green hook.
4. Select "safe" - finish.

To get access to the University of Applied Sciences of the Grisons VPN with your Andorid smartphone, you have to do the following steps:

1. Download the App "Pulse Secure" from the Play store (new App "Ivanti Secure Access Client")
2. Start the App
3. Add a new connection with the URL vpn.fhgr.ch and the user name from the FH Graubünden. Sace the connection.

Detailed instructions can be found in the appendix.

For the use of the protected FH Graubünden WLAN with an "Android" operating system, the following settings on the device are required:

1. Select "settings" and "connections".
2. Select "wireless controls"
3. Choose "WLAN settings"
4. Turn on WLAN and select "eduroam"
5. Do settings as follows
   1. EAP-Method: PEAP
   2. Phase 2-authentification: MSCHAPV2 (if necessary)
   3. Identity: FHGR username followed by "@fhgr.ch"
   4. Password: password of the FHGR account
   5. CA-Zertifikat: "use system Certificate"
   6. Domäne: "fhgr.ch"
6. Click on "Connect"

Detailed instructions can be found in the appendix

The booklet printing on the multifunction printers (MFP) of the FH Graubünden is limited to 100g/m2 paper. The bypass can not be used for booklet printing.
According to the device specifications thicker (top-) leaves aren't possible.
Printing of brochures has to be printed on a Ricoh IMC 6000 device because the printer driver at the FH Graubünden has been designed for that type.

On Ricoh IMC 4500 the brochure will be folded the wrong way.

All students at the University of Applied Sciences of the Grisons have the opportunity, to purchase the Adobe Creative Cloud Pro (as an app including Adobe Stock) from Adobe. The license is valid for orders from September 1^st 2023 for one year. The price and expiration date of the license remain the same. This means, that if a license is ordered in January, it will still expire on August 31^th 2024). For this reason, we recommend placing the order at the beginning of the semester.

The current price is CHF 59 per license period.

Further instructions, the link to the shop and the FAQ from Switch can be found below.

Citavi is a reference management software, which you can get over the FH Grisons. 

If you have any questions you can write an E-Mail to the following Mail-Address: citavi@fhgr.ch

The link to the Download of Citavi, as well as an introduction, can be found in the appendix.

Cubus Dienst

Wenn das Cubus Programm keine Lizenz mehr finden kann, kann man diese Datei im Link unten herunterladen und die Reparatur ausführen.

Cubus Dienst Reparaturprogramm

S for Backup:

Data loss is painful and can affect anyone. Whether it's due to a technical defect on the device, a physical impact (device falls into water, for example) or a cyber attack. To counteract data loss, external storage media such as local data storage or cloud solutions help. The data is stored sustainably and independently of the main device and is available for immediate backup.

Tip:

• Back up your data regularly on at least a second external medium, which is stored separately from the main device.

U as in update:

Without an update, vulnerabilities in your programs or operating system, for example, can be exploited. As a result, attackers can penetrate the system and install malware or steal personal data, for example. Such attacks are unpleasant, as our privacy is violated and we are faced with a partial or complete loss of control.

Tip:

• Regularly update your system, programs and apps to the latest version. If available, it is best to use the automatic update function for this. Run recommended updates immediately.

P for Check:

Both a lack of virus protection and an inactive firewall provide a gateway for malware. A firewall prevents unauthorized access to a network and checks incoming and outgoing traffic against a set of rules to detect and block threats. Antivirus protects your device by regularly scanning the computer for malware and, if a threat is detected, removing or quarantining the malicious file.

Tip:

• Check your device to make sure an antivirus program and firewall are installed and continually updated.

E for logging in:

Passwords are tedious but important to protect one's data. Therefore, you should not only have a strong password, but ideally a different one for each platform / account. However, remembering all passwords is quite difficult. A password manager will make your life easier: Remember a secure master password and store the other passwords in the password manager. Some of these password managers even generate secure passwords for you.

Tip:

• Install and use a password manager. Whenever possible, activate the so-called two-factor authentication. Here, for example, an access PIN is sent to a previously registered mobile phone number, which is required for logging in.

R for Reduce:

Not everything you encounter in the digital space is reality. Cybercriminals influence our perception by disguising their identity and intent in order to obtain personal data or money. For example, they send fake emails in the name of law enforcement or promise large inheritances. This method of attack is called social engineering.

Tip:

• Reduce the risk of fraud in the digital space with a healthy dose of mistrust and don't click on every link without thinking.

All mail traffic for FHGR employees is protected by an automated anti-spam system.

Reporting spam mail
If suspicious e-mails have not been filtered automatically, they can be reported:

Alternatively, if unsure about the categories, forward the email to support@fhgr.ch.

Important: The e-mail must be forwarded as an "attachment".

Variant 1: In the "Reply" button the option "More" / "Forward as attachment".
Variant 2: Copy e-mail, create new message and paste mail into this message

Multi-factor authentication (MFA) is a security mechanism used to ensure that only authorized users can access a system, application, or data.
It requires the entry of at least two independent authentication factors to verify the user's identity.

The authentication factors can be:

• Something the user knows (e.g., a password, PIN, or secret question).
• Something the user has (e.g., a smart card, token, or cell phone).
• Something the user is (e.g., biometrics such as fingerprints or facial recognition).

When MFA is used, the user must provide at least two of the above factors at enrollment to gain access to the system or application. This increases security because it is more difficult for an attacker to steal or reproduce both factors than just one.

Note: Even an MFA does not protect 100% against a hacker attack, see also this article from the National Center for Cybersecurity NCSC on Real-Time Phishing.

Recommendations:

• Never provide a password or credit card number on a page you received through a link in a message, it is most likely a phishing attempt;
• Carefully check the web page where you have to enter your login details. An existing two-factor authentication does not protect against real-time phishing.

Social hacking refers to the process by which an attacker attempts to exploit human weaknesses and social engineering skills to gain access to confidential information, systems, or networks.

In general, social hacking aims to exploit people's trust and good faith to get them to perform certain actions or reveal confidential information. This can be done through various methods such as phishing emails, phone calls or fake social media accounts to trick victims into revealing personal data, passwords or other confidential information.

Social hacking is a significant security risk and can cause businesses and individuals to suffer great financial loss if confidential data is stolen or compromised. It is important for people to be aware and remain vigilant to protect themselves from social hacking attacks.

The digital extortion business is booming. Ransomware – a combination of “ransom” and “malware” (malicious software) – is flourishing. Hardly a day goes by without a ransomware incident reported in the news. These reports mention companies, hospitals, organisations – but what about the private sphere? Are private individuals affected by ransomware too?

When ransomware infects a computer or network, it blocks access to the system (locker ransomware) or encrypts its data (crypto-ransomware). Cybercriminals then demand a ransom from their victims for unlocking the data. The amount usually has to be paid in a cryptocurrency such as Bitcoin, with correspondence usually carried out over the Darknet.

“The new generation” of ransomware players has no interest in discounts or lengthy negotiations. So when they encrypt the data they provide a deadline for ransom payment. If the ransom demand is not met, confidential data is published directly or destroyed.

How does ransomware work?

You can receive malware via an attachment in an email, a file download or on a falsified website purporting to be from a serious provider.

Once the malware is on your device, you no longer have access or a way of decrypting the data yourself. In some cases, your screen will suddenly go black and your device will no longer respond to mouse or keyboard inputs. A menacing text from the perpetrators then appears, threatening the deletion or disclosure of all data on the computer. The text usually contains the following features:

• A countdown, loading bar or date shows you how much time you apparently have left. This is intended to emphasise the sense of urgency and put you under pressure.

• You are prompted to purchase Bitcoins and transfer them to a specified account.

• Usually the only course of action left to you is to access a marketplace for cryptocurrencies where you can acquire the ransom money and send it to the perpetrators online. They opt for this payment method as transactions are easy to cover up and thus more difficult for criminal prosecution authorities to trace.

How to protect yourself against ransomware

To avoid having to remove ransomware from your computer in the first place, you should treat unknown files with care.

• Create a backup of your data on a regular basis. The backup should be stored offline, on an external medium such as an external hard drive. Make sure to separate the medium on which you are creating the backup from the computer after the backup process. Otherwise, the data on the backup medium may also be encrypted and unusable during a ransomware attack. You can find out how here.
• Exercise caution when handling emails. You can find tips on how to do this here.
• Never connect USB sticks from unknown sources to your devices. Perpetrators sometimes leave loaded USB sticks and even USB charging cables (known as OMG cables) around to lure the “lucky” finder into a trap. Find here more information.
• Keep your programs and operating system up to date. Updating programs and operating systems regularly helps to protect you against malware.
• Only use known download sources. Never download software or media files from unknown websites. You should also take care when downloading to your mobile device. Trust the Google Play Store or Apple App Store, depending on which operating system you are using.

In the event of a ransomware attack, disconnect your computer from the internet and all attached storage media immediately to prevent further damage. In most malware cases, it is also a good idea to format the hard drive, set up the computer entirely from scratch and install the backup.

Cyber myth: If a telephone call displays a Swiss number, the call also comes from Switzerland and is certainly trustworthy.

In unregulated telephone networks (unlike in Switzerland, where telephone providers are regulated by OFCOM), a subscriber can transmit any sender number using an appropriate program.
This method can be used to make arbitrary calls, for example, even to the Swiss fixed network.
The number defined by the attacker is not checked by the telephone providers, but is passed on one-to-one and shown on the display.
The use of fake Swiss telephone numbers is also a common practice.
This does not mean that the call really comes from Switzerland.
In addition, there are also call centers that have a Swiss number but operate from abroad.

Thus applies:

• Do not trust the displayed phone number;
• Be especially skeptical if you are called by an unknown person, even if they pretend to be employees of well-known companies, such as Microsoft;
• Be skeptical if someone on the phone asks you to do something. For example, transferring money, giving credit card details and passwords, or accessing your computer.

Cyber myth: I can trust every e-mail sender I know!

If the sender's address displayed on an e-mail is known, you can by no means assume that the e-mail actually came from this person. Sender e-mail addresses can be forged at will.

Many cyber attacks today are carried out by e-mails whose sender address is forged.
Firstly, to create trust, and secondly, to tempt the recipient into an ill-considered action.
For example, phishing emails usually use banks as senders.
However, the identities of other well-known companies are also used to trick victims.
A popular scam is also that e-mails supposedly come from acquaintances, work colleagues or the boss.

Faking an e-mail address is very easy. Just as in the analog world with a letter, any sender address can be entered in an e-mail.

The sender e-mail address can therefore never be used as a verification element. E-mail senders can only be verified by using digital certificates. However, these have not yet become widely accepted and their use is difficult for most Internet users.

Thus the following applies:

• Be wary of e-mails with a known sender if a communication that has already been made is suddenly used incoherently.
• Use another means of communication, e.g., by telephone, to briefly ask the person whether the e-mail actually originated from him or her.
• Also be careful if money is suddenly demanded or a transfer is urged. A typical characteristic of fraudulent e-mails is that the requested action is to be carried out urgently.
• You should be extremely cautious if an e-mail asks you to click on a link or open a document. Never click on links or open documents if you do not know the sender. With known senders, it is better to ask too many questions than too few.

Cybermyth: If I click on a link, it really goes to the specified web page.

Attackers exploit the possibility of placing an arbitrary link behind any text by displaying a trusted link in the foreground, but this link leads to a malicious website or file in the background. By the way, this also applies to displayed email addresses. To check where a link actually leads to, you can move the mouse over the link (without clicking!). This will display the actual link in the bottom left corner of the screen's status bar in each case.

Thus applies:

•     Links are faked especially in e-mails. Special caution is required here;
•     Be careful when you are urged to click on a link. It is better to click on a link once too little than too much;
•     Check links before you click on them. If you have clicked on a link, you can always check in the address bar which page you are on. If you accidentally land on the wrong page, close the browser immediately.

Email remains the most popular gateway for malware and fraud attempts. Attackers try to deceive victims into doing something they do not want to do. The scenario chosen for this purpose is intended to affect the potential victim emotionally or trigger their interest to click on a link, open a document, provide credit card details or passwords, or make a payment. Handling emails carefully contributes significantly to the security of your data and your computer.

The following measures protect against malware, phishing and various types of fraud:

Beware of emails that require action on your part

Be careful if you are urged to perform an action. This may involve clicking on a link or opening an attachment. Never enter personal data in a form that you have opened via a link in an email.

Do not be caught off guard

Fraudsters are constantly devising new scenarios to encourage victims to react rashly. This method is known as social engineering. Social engineering is intended to ensure that the victims carry out the actions controlled by the perpetrators without being aware of it. Do not let yourself be taken off guard, think about the situation calmly and, if in doubt, ask friends, work colleagues or the NCSC how to assess the matter.

Beware of emails from unknown senders

Be suspicious of emails sent from an address you do not know. In such cases, do not open any attached documents or programs and do not follow any links provided in them.

Malicious emails can also come from known senders

Emails from a known sender can also be dangerous as some malware spreads by sending itself via email to recipients listed in a victim's address book. Be careful, for example, if previous messages are suddenly used out of context.

Caution with Office documents

Malware is often distributed through Office documents. In most cases the macro function is exploited. Never give permission to activate the macro function.

Email client software update

Email clients can also have security vulnerabilities. Check regularly whether there are any software updates for your email client and install them.

Mobile phones have become our permanent companions. These small, compact devices also contain more and more personal data, such as photos, contacts, emails and text messages. Therefore, the loss or theft of data can quickly result in serious consequences. In general, the same security rules apply as for a PC or notebook, except that a mobile phone's size makes it is easier to steal or lose. The NCSC has compiled nine practical tips to make your mobile phone more secure. The focus is on public WLAN use:

1. Always lock your phone
2. Use public WiFi networks securely
3. Use an official app store
4. Install antivirus software
5. Install updates
6. Save your data regularly
7. Activate encryption on your device
8. Activate "Find My…" and have access to remote wipe
9. Use caution with public charging stations

1. Always lock your phone

People have their mobile devices with them whenever and wherever they go. But sometimes these devices are left behind and forgotten somewhere, e.g. during a lunch break, at the gym or on a train.

In such cases, it is important that strangers be prevented from accessing the contents of the device. Losing information such as professional and personal emails, photos and phone numbers could be detrimental not only to you, but also to others if it ends up in the wrong hands.

Depending on the make and model of the device you use, the following methods are available:

• Digital fingerprint
• Face ID
• Iris recognition
• Password or PIN code

Be sure to enable such authentication methods. Make sure that your mobile phone locks itself as quickly as possible (30 seconds) after inactivity. Choose a sufficiently long and unique PIN code. Do not choose simple number sequences such as 123456 or 234567, nor numbers with a personal connection (e.g. date of birth, postcode, car registration number, etc.).

2. Use public WiFi networks securely

Public WiFi internet access points (hotspots) can be found at railway stations, airports, hotels, near public areas and places, and in bars and restaurants. The name of the WiFi network (SSID; service set identifier) usually ends in *_free, *_open or *_guest.

One of the biggest risks when using hotspots is directly related to how they work. Everyone can choose any name they want for their WiFi network. Imagine, for example, that you are in an airport terminal waiting to board your flight. You go in search of a WiFi network that the airport operator has made available so that passengers can access the internet.

You open the list of available WiFi networks and soon find a network called "WLAN_airport_free". 

It seems to be one of the public WiFi hotspots provided by the airport for transit passengers.

When you log on to this official hotspot, there are security mechanisms that allow individual users to be protected from each other so that the network traffic cannot be intercepted (sniffed) by third parties. However, no one can guarantee that any of these mechanisms are active. If this is not the case, cybercriminals can read all the data you access via the internet, provided it is on the same network and the data is not encrypted, even passwords. In any event, fraudsters can see which websites you are visiting at any given time.

The name "WLAN_airport_free" that appears is not necessarily the airport's official hotspot. It could also be a network that is only pretending to be provided by the airport operator. For example, fraudsters can use a smartphone to generate a WiFi hotspot with exactly the same name as the airport's official hotspot. Generally, devices connect to the WiFi network with the highest signal strength first. Since the fraudster is only a few metres away from you and offers the strongest signal, your device will connect to the fraudster's network.

In addition, there are also WiFi services for which a fee is charged. This type of service is mostly offered in touristic city centres, where demand is the highest. A payment, usually by credit card, must be made when logging on to such a network. Fraudsters exploit this situation by again providing a bogus WiFi hotspot with the same or similar name and requesting credit card details when a victim connects.

Recommendations

There is always a certain risk when you connect to a third-party WiFi network, as you can never be 100% sure who is behind it. The risk starts as soon as the connection to the WiFi network is established. An attacker can make your device download malware already at this point, giving them access to all of your phone's data.

Another risk is that the person who set up the fraudulent WiFi network can read all the information you leave behind when you surf the internet. It is therefore important that your connection to any websites you visit be encrypted. When connecting via a public WiFi hotspot, never enter login credentials on websites that are not encrypted. Look for "https" in the URL or the padlock symbol in the address bar. You should generally refrain from using sensitive services such as e-banking and reading emails at public hotspots.

If in doubt, use your mobile phone network for data communication; when abroad, use the roaming function.

It is advisable to use a VPN service. In this way, all communication is "hidden" and an attacker has no chance of reading the navigation history or data. A VPN connection is absolutely essential for business use (e.g. business emails).

Deactivate WiFi and Bluetooth when you do not need these services. This helps to avoid attack methods that cybercriminals use to penetrate your device undetected. It also reduces battery consumption.

3. Use an official app store

One of the most important attack vectors on mobile devices is the installation of malicious apps. On average, 200 million apps are installed on mobile devices every day, ranging from e-banking apps to shopping list managers. Not all apps are equally secure, however, and this applies especially to the source from which they are obtained and installed.

Aside from the app stores that are preinstalled on mobile phones by phone manufacturers (e.g. Google Play, Apple's App Store), other stores that offer apps also exist. These are called alternative or third-party app stores. While the official app store providers carry out in-depth checks on the apps, this is not the case with some alternative stores, or only to a limited extent. The NCSC therefore recommends downloading apps only from the official app stores. Only use alternative app stores if you are aware of the possible security problems and you trust the sources implicitly.

Read the reviews from other users and the app's general terms of use.

Another risk when installing apps is hidden in the access rights they ask you to grant. Avoid apps that require too many access rights. Only allow an app the rights it needs for its actual purpose.

• A weather app does not need access to telephone contacts.
• A shopping list app does not need access to photos.

4. Install antivirus software

Just like viruses that attack your PC, there are also viruses that target mobile phones. Therefore, you should set up antivirus software on your mobile device too. 

5. Install updates

The updates published by manufacturers and developers not only offer new functions, they also help to resolve vulnerabilities and prevent programming errors. It is therefore important to always keep your device and all apps installed on it up to date.

6. Save your data regularly

The NCSC recommends that you regularly save the data on your device, be it via a cloud service or syncing to your PC or directly to an external storage device.

An accident, loss or theft can happen quickly!

7. Activate encryption on your device

In the event of loss or theft, encryption ensures that the confidential data on your device cannot be accessed by unauthorised third parties. Nowadays, encryption is automatically enabled on many devices, provided the mobile phone is protected by a PIN, Touch ID or Face ID. However, it is worth checking whether encryption is enabled, especially with older devices.   

8. Activate "Find My…" and have access to remote wipe

Leaving your mobile phone somewhere can happen before you know it. To counter this problem, many phone brands offer a remote device location tracking service.

• On Android, the service is called "Find My Device" and can be downloaded directly from the official Play Store.
  More information on how to activate it and how it works can be found in the Google Account Help.
• On Apple, the app is called "Find My" and is installed as standard on each Apple device. However, it must be manually activated. More information on how to activate it and how it works can be found in the iCloud User Guide.
• On Samsung, the function is called "Find My Mobile". It is likewise installed as standard on devices and also requires manual activation to work. More information on how to activate it and how it works can be found und Find My Phone

Generally, these smartphone location tracking functions require devices to be switched on, connected to a WiFi network or have mobile data activated, and have location sharing enabled.
If this is the case, devices will be able to transmit their exact location and receive instructions such as to wipe themselves, play a ringtone, etc.

In addition, some device models can be configured so that the data they contain is automatically deleted after a certain number of failed password attempts.

9. Use caution with public charging stations

As soon as you connect your device to any USB port to charge it, there is a certain risk that data can be accessed. It is possible that information about the type, brand and model of the device will be read during the charging process. However, it is also possible that malware could be installed.

The best way to protect yourself against this is to use only the power adapter supplied with the device when charging it in public places.

An external battery (power bank) is also a good solution. This means you can charge the external battery at a public station and then charge the mobile phone from this battery. In this way, the phone is never directly connected to the public station.

Many do not know that prepared USB flash drives can also be used to hack computers.

At first glance, such a USB stick looks like a normal, inconspicuous USB flash drive. However, if you connect it to a computer, it is supposedly recognized as a keyboard. Predefined keystrokes are then reeled off, which can trigger certain malicious commands on the computer. Such so-called "rubber duckies" can generate more than 1000 words per minute. For example, backdoors can be installed on the attacked system, documents or passwords can be stolen, or extended rights can be set up on the computer.

Rubber Duckies - not harmless ducklings

When you hear the word "rubber duckies", you first think of children's toys. But in the hacking scene, this name means something completely different: such a bad USB stick is a popular hacking tool.

The name "Rubber Ducking" comes from the history of programming. In one method of finding an error in programming code, a yellow plastic duck is read line by line and the code is explained. As the code is explained, the programmers notice any errors. The rubber duck serves as a listener and has the advantage that no person has to be disturbed by it. With the "Rubber Duckies", commands are also processed line by line. To automate administration tasks, a tool was developed that mimics the typing of commands on a keyboard. Recurring commands are generated and executed line by line by the device.  However, this also gave birth to the idea of a keystroke injection attack, i.e. the infiltration of keyboard commands via a USB stick. This has evolved into a sophisticated hacking tool to this day.

How does the "keystroke injection attack" work?

The USB tool pretends to be a keyboard to the computer and thus has the same user rights as the victim sitting in front of the computer. The tool, the "Rubber Ducky", then stores the keystrokes to be executed, or commands, using the script language "Ducky Script". Once connected to the computer, the stick is recognized as a keyboard and the pre-programmed keystrokes or commands are executed on the computer.

Beware of donated or found USB sticks

But how do you get a victim to insert such a USB stick into their computer? This is done by means of social engineering. In this type of attack, characteristics such as trust, fear, respect for authority or curiosity are cleverly exploited by the attackers. A sub-variant of social engineering is so-called baiting. Here, the attackers rely on the victim's curiosity. The best-known type of baiting is placing USB sticks in the entrance area of a company's premises and speculating that employees will find the stick and immediately insert it into a company device out of curiosity. USB sticks can also be distributed via giveaways. Such sticks are distributed in many variants to visitors at conferences or exhibitions. However, not all of them are distributed with good intentions; among them may be prepared "Rubber Duckies"". But even an unattended notebook, for example on the train or at a conference, can be compromised by an attacker using this method, if he manages to connect the stick to the device unnoticed for a short time.

New tool version is even more sophisticated

In August 2022, a hacking hardware manufacturer released a new version of its tool. Earlier versions could already create fake pop-up windows to grab a user's credentials or make the browser send all stored passwords to an attacker's web server. In the latest version, stolen data can also be saved back to the USB device. This allows an attacker to insert the stick for a few seconds and then remove it again with all the stored data. This also no longer requires an Internet connection to send the data.

Tips:

• Never plug unknown USB devices into the computer.
• Never leave the computer unattended in public places.

Safe, mobile working cannot be achieved by technical precautions alone, but requires the active cooperation of the users. Therefore, it is also important to observe a few safety rules at home or on the road. Below you will find some tips on how to make the mobile workplace more secure through your behavior.

Set up password protection

When you're working at home or on the road - on the train, for example - never leave your devices (laptop or cell phone) unattended. Nevertheless, if your device is lost or stolen, data and systems can be accessed by unauthorized persons.

Tip:

• Make sure that access to your device is always protected with a password, or access code (2-factor authentication if possible).

Ensure privacy

Your devices should always be protected from prying eyes. This applies to your computer, cell phone and home screen.

Tips:

• Don't let other people touch the device used for work;
• Always lock the screen when you leave the workplace;
• Use a screen protector (film or integrated computer function) when traveling.

Caution during telephone conversations

Especially in public places, there are often uninvolved people present who can listen in on conversations and pass on the information.

Tips:

• In general, make sure that your telephone conversations cannot be overheard, whether you are on the road or at home. Therefore, find an undisturbed place to do so.
• Be especially careful with confidential conversations. These should be conducted physically whenever possible. If this is not possible, use encrypted communication channels such as Threema. However, here too, make sure that no uninvolved persons can listen in.

Secure data

Do not mix private and business data. Do not work on business data on your private device or on private data on your business device.

Tips:

• Perform business work on the device the company provides you;
• Do not use private cloud as data storage for business documents;
• Never store business data on private USB sticks or other private data carriers.
• Be sure to follow your company's guidelines regarding data backup.

Confidential data and documents

Special care should be taken when data is confidential information.

Tips:

• Keep confidential information under lock and key;
• Print documents only at the company workstation, if possible;
• Properly destroy data media and documents that are no longer needed. Documents belong in the document shredder. Electronic data remains readable even after deletion with the delete key or the "delete" function (only the information on the storage location is removed). For final destruction, the location of the information must be overwritten several times. Special programs are available for this process - also called wiping.

Use of WLAN

At home:

In almost every home network today you can find wireless networks that allow devices to connect wirelessly to the Internet. Such a network works via a router or a wireless access point (WAP), which emit a radio signal that the devices connect to. The radio signals can also be received outside of one's own four walls. Securing your own WLAN is therefore key to securing your private network.

Tips:

• Change all default passwords on the WLAN router, especially the one for the administrator.
• Choose strong passwords and use 2-factor authentication if possible;
• Secure your home Wi-Fi with a strong password, always use WPA2 or if already available on your device WPA3;
• If possible, restrict administrative access so that it is only possible from your own network and disable remote access. Most devices today also allow you to set up a separate guest network;
• Make sure you connect to the right WLAN;
• Keep all your devices up to date, including printers, routers, webcams, etc. and only use operating systems that are still updated by the manufacturer. This is the only way you will also get regular security updates for your operating systems.

Public WLAN:

When using public WLAN (e.g. in hotels or at train stations), there is a risk that unauthorized third parties can read or even access your data. Therefore, create a hotspot yourself and secure it with a strong password. Setting up your own hotspot on your smartphone is easy. On both iOS and Android devices, you can set up a hotspot under the settings.

Tip:

• Deactivate WLAN as well as Bluetooth if you do not need these services. This avoids attack methods that cybercriminals use to penetrate your device unnoticed. It also reduces battery consumption.

Chargers:

Public buildings such as airports or train stations often offer USB charging stations (including cables). However, these are accessible to all and can be easily tampered with and infect your device with malware.

Tip:

• Use your own charger or powerbank.

DC-Software Grundbaustatik kann über den ersten Link heruntergeladen werden.

im 2. Link finden sie die Anleitung nach der Installation.

DC-Grundbaustatik

Anleitung DC Grundbau

The FH Graubünden offers its users the opportunity to use the WLAN "eduroam".

Eduroam is the international roaming-platform for universities and research institutions with more than 7000 access points worldwide.

Once the WLAN “eduroam” is set up, the user can connect with his FH Graubünden-account to the eduroam-network and to the Internet for free – without any adjustments.

If you want to log in with a FH Graubünden-account in this Network, you have to add "@fhgr.ch" after your username.

Instructions for different platforms can be found on the Intranet, where the other instructions are or below this article in "Other topics that might interest you".

All fixed and variable employees receive a personal identification card.

This card combines the following functions:
- Employee Identification
- Free copy card (Copy-account)
- Cashless payment at the cafeteria and vending machines (Cafeteria-account)
- Access authorisation and liftaccess

Private copies can be payed at the charging stations to the terms of the current price list of the FH Graubünden.

Cafeteria

The employee identification card has a separate account for the cafeteria. On this account you can charge money regardless of the copy-account. With this money you can pay at the cafeteria.

You can charge the money on a charging station of the FH Graubünden.

Access systems

The FHGR-Card is used as a key with which you can access the offices such as the elevatores of the FH Graubünden.

Not fixed or variable employees can purchase a Cash-Card at the administration for a depot of Fr 20 -.

The Cash-Card combines the following functions:

- Copycard (Copy-account)

- Cashless payment at the cafeteria and vending machines (Cafeteria-account)

Copy

On every Cash-Card there is a Copy-account on which you can charge money to copy.

The printouts will be charged according to the current price list of the FH Graubünden.

You can charge the money on a charging station of the FH Graubünden .

Cafeteria

The Impersonal Cash-Card contains a separate account for the cafeteria.

On this account you can charge money regardless of the copy-account. With this money you can pay at the cafeteria.

You can charge the money on a charging station of the FH Graubünden.

All enrolled students at the FH Graubünden get a personal student identification card.
The Student Identification Card combines the following functions:
- LEGI (student identification/student card)

- Copy-/Printcard (Copy-account)

- Cashless payment at the cafeteria and vending machines (Cafeteria-account)

- Access authorisation and liftaccess (only on request)

- different benefits

Cafeteria

The Student Identification Card has a separate account for the cafeteria. On this account you can charge money regardless of the copy-account. With this money you can pay at the cafeteria.

You can charge the money on a charging station of the FH Graubünden.

Access systems
In given cases the Student Identification Card can be used as a key for example for the lifts of the FH Graubünden.

Students / Employees

For each student/employee the first FHGR-Card is for free.

Students/employees have to pay SFr. 20.- for the replacement of a lost or damaged card. The charged amounts will be repaid whenever possible.

Cash-Card 

For lost or defect Cash-Cards the SFr. 20.- depot will be retained. For a new card you have to pay a new depot of SFr. 20.-. The charged amounts will be repaid whenever possible.

New card order

New cards can be orderd over the contact form.

For the balance of lost or damaged cards, the FH Graubünden can not be held liable.

To find out the installed MAC version you have to click on the apple and then on „about this Mac“.

A window with the MAC version appears.

For the delivery of large amount of data (until 300 Gigabyte) the Switch Filesender can be used. That's useful for a single delivery of a large amount of data. This is possible from you to your associate, or on invitation to you or to a third person from your associate.

To use the programm, do as follwed:

1. Download Disco from www.fluxicon.com/disco/, and install it on your computer.
2. When registering Disco, make sure to use your offical fhgr-email address!
3. You will be prompted to request an academic license. If you agree to the terms, you're ready to go!

AIMMS is a prescriptive analytics tool for mathematical modelling, optimization and simulation. To use the software with an academic license, proceed as follows:

1. Register at https://licensing.cloud.aimms.com/license/academic.htm.
2. Please only register with the FHGR e-mail address, otherwise the Academic License cannot be activated
3. Specify as "intended use": "Research" for researchers, "Coursework" for students and teachers
4. You will then receive further information for download on the website and by e-mail
5. Important: Copy the license URL and copy it into the tool according to the instructions to activate the license.
6. You can find introductory courses at academy.aimms.com after registering your FHGR email address

The McAfee antivirus software is free available for all students and employees of the FH Graubünden.

Windows

1. Download the file.
2. Extract the zip folder.
3. Execute setupEP.exe.

Mac

1. Download the file.
2. Extract dmg-file and then the pkg-file.
3. Click on all Continue (Fortfahren), Accept (Akzeptieren) an then Installation (Installieren).

Detailed instructions and a link to the downloads can be found in the appendix.

The statics and structural design of 2D bar structures software RuckZuck is avaible for all employees and students of the FHGR:

1. Download the file in the download section of the intranet (RZ60026StudSetup.zip)
2. Extract the zip folder
3. Execute Setup.exe

Detailed instructions can be found in the appendix.

To get access to the FHGR VPN with your iPhone, you have to do the following steps:

1. Download the App "Ivanti Secure Access Client" from the App store
2. Start the App
3. Set the URL https://vpn.fhgr.ch
4. start the connection
5. type in your username and your password.

Detailed instructions can be found in the appendix.

For the use of the protected FH Graubünden WLAN with an iPhone, the following settings are required:

1. Go to "Settings"--> "WLAN".
2. Click on "eduroam".
3. Enter your FH Graubünden username followed by "@fhgr.ch" and the password.
4. Click "Connect".
5. Accept the certificate.
6. If it's necessary turn your iPhone WLAN off and on again.

Detailed instructions can be found in the appendix.

The instruction document of LimeSurvey can be found in the appendix.

Topics in the instruction document:

- Basics LimeSurvey

- Create a survey

Notice: The instruction document is only available in German.

To activate a survey for other persons (group work, etc.), all persons must have registered once in the Limesurvey.

The survey-ID and the persons to be released must be reported to the support (support@fhgr.ch).

The LinkedIn Learning website provides access to over 8,000 exercise videos and over 300,000 video tutorials covering development, design, web, photography, business, education, 3D animation, video, and audio + music.

Instructions on how to log in to LinkedIn works can be found in the appendix.

To charge money on your FHGR-Card you have to go to a charging station. The various charging stations can be found at the following locations:

Building A; Pulvermühlestrasse 57, in front of toilet entrance
Building B; Ringstrasse 34, 3. OG
Building C; Pulvermühlestrasse 80
Building E; Comercialstrasse 22, at the library next to the exit to the cafeteria
Building H; Comercialstrasse 19, 1. OG next to the administration
Building I; Sommeraustrasse, Copy-room

Update terminals

The update terminals can be found at the following locations:

- Building A, EG, on the left side of the charging station across the toilets

- Building B, 2. OG, on the left side of the entry

- Building D, 1. OG, on the left side of the entry

- Building F, EG, on the left side of the entry to the Student Services

- Building H, 1. OG, on the left side of the entry

- Building I, in the copyroom on the left side of the door

Online reader (card reader)

Also some online reader are equipped for the update of the timestamp:

- Building A, 1. OG, first reader of the notebook locker (Shelf Nr. 250)

- Building B, 1. OG, entry to the telecom laboratory

- Building F, 1. OG, first reader of the notebook locker (Shelf Nr. 1139)

Attention: Should the online reader flash alternately blink red and green is an update of the rights at an update terminal necessary.

The update starts automatically when the card is placed on an update terminal/online reader and usually lasts a few seconds.  

The access to eduroam WLAN at the FH Graubünden is also possible for MAC OS . All actual versions of OS X are similar.

1. Choose the WLAN "eduroam" from the WLAN list.
2. Enter your FHGR username followed by "@fhgr.ch" and your password.
3. Click "Connect".

Detailed instructions can be found in the appendix.

It is possible to use the VPN-Client of the FHGR Chur with the Mac OS X:

1. Download and install the file pulse-secure.dmg
2. Install Junos Pulse
3. Configure the VPN-Profile of the FHGR (https://vpn.fhgr.ch)
4. Log in with your username and password of the FHGR

Detailed instructions can be found in the appendix.

To use the FH Graubünden Exchange account with the iPhone, you have to make the following settings:

1. Open "Settings" -> Mail, Contacts, Calendars -> Add Account -> Microsoft Exchange
2. Type in your mail address such as your password
3. The following fields you can fill in like in the picture below.
   The username such as the password you can look up at your FH Graubünden-Accountpaper.

The instruction document of Mail-Archiving can be found in the appendix.

Topics in the instruction document:

- Basics archiving

- Use of the archiving in Outlook

- Use of the archiving in Webmail

Notice: The instruction document is only available in German.

All bachelor and master students (further education excluded) get a mailadress from the FH Graubünden.

The username is the same as the one works with the other systems on the FH Graubünden. The password is the same for the first time. The password for the mailbox can be changed independently of other systems.

All guidance in dealing with this email address can be taken directly on the site of our partner Exigo.

For the major Photonics is the program MATLAB R2018a required and has to be installed before start of course. The student version can be bought for CHF 119.-.

Down below, you can find a manual, how you can get the software. You need a FH Graubünden Mailadress and a valid credit card.

You need an active connection with the VPN client (Pulse Secure) from the FH Graubünden in order to use MAXQDA.

Mendeley is a reference management software, which you can get for free from the producer website.

If you have any questions you can write an E-Mail to the following Mail-Address: citavi@fhgr.ch

The link to the Download of Mendeley, as well as an introduction in German, can be found in the appendix.

Setting up OneDrive for lecturers and students

Registration is via Microsoft Login. Please use your Univerity of Applied Sciences of the Grisons account to register. OneDrive can only be used online or additionally set up locally on the PC. The local installation takes place together with the Office applications, further information can be found in the corresponding support site (Office 365).

The setup for employees with a notebook of the University of Applied Sciences of the Grisons is done by the IT department.

Multiple OneDrive accounts

Several OneDrive accounts can be used in parallel, for example you can use OneDrive from the University of Applied Sciences of the Grisons in parallel with a private OneDrive account. To add more accounts, right-click the OneDrive icon in the taskbar. Under "Settings" select the "Account" tab and click on "Add account".

Restore deleted files and folders in OneDrive

Microsoft's support page has instructions how to restore accidentally deleted data. Please note that items in the recycle bin are automatically deleted after 93 days. After this period or if you delete files or folders from the recycle bin yourself, there is no way for students to restore the data. For employees with a notebook of the University of Applied Sciences of the Grisons, an additional backup will be created by the IT department.

Location for OneNote

If OneDrive is set up, it will be used as the default OneNote save location. The default storage location can be adjusted under "File", "Options", "Settings", "Properties", "Save & Backup". Changing the storage location of an individual notebook is possible under «File», «Settings», «Properties», «Change storage location...».

Procedure when leaving the University of Applied Sciences of the Grisons

The validity of the Microsoft license expires when you leave the University of Applied Sciences of the Grisons. It is therefore important that you back up your data before you leave and save it on a private medium. For example locally on the PC, on a USB stick, on an external hard drive or in another cloud. This applies to data from the University of Applied Sciences of the Grisons OneDrive, in OneNote, Teams or Moodle.

I got my license from SoftwareONE

If you obtained your license through SoftwareONE, you can continue to use it until it expires. You can then obtain a new license (free of charge) from Microsoft. Use your University of Applied Sciences of the Grisons account to register.

Important: you are responsible for migrating your data yourself, this does not happen automatically.

The instruction document for using OneDrive for employees can be found in the appendix.

Notice: The instruction document is only available in German.

The FH Graubünden offers its employees the opportunity to subscribe their Swisscom mobile phone to run on the company account and thus to benefit from very attractive terms.

Procedure / conditions

1. If you need a new device: Aks directly  me about the prices of your "dream" mobile phone.
2. Fill out the form "Übernameerklärung Rufnummer": you can find the form in the appendix.
   (Please notice point 3 of the conditions - if the number handover is within half a year since the start of your subscription you have to pay a one time fee of 300.-).
3. Send the filled out form to  Urs Heusser.

Knowledge in addition

If you have a data-subscription, you are able to check your used data anytime with a SMS "status" to the number 444.

In compliance with the minimum contract period (3 months) and notice period (30 days) can be changed from one to another subscription.

Attention roaming

As communicated again and again from the media, caution is required with the use of the mobile phone in a foreign country.

It seems over and over again, that after the holidays a juicy bill flutters into the house. High data connection or Roaming-Fees can leave a very bitter aftertaste.
Synchronising e-mails or many other small services (e.g., Apps) which are usable with the today's modern mobile phones also belongs to the data services. It's the best of all to deactivate the roaming immediately, otherwise it can become very quick very expensive.
Be basically careful with the use of the mobile phone in a foreign country.

Please also read our information about roaming on the subject of "Costs abroad".

Support

For questions round about the FHGR Swisscom mobile phone subscriptions please contact  Urs Heusser.

An der FHGR wird Multi-Faktor-Authentifizierung (MFA) schrittweise eingeführt.
Die Registration der zusätzlichen Authentifizierungsmethoden ist jederzeit möglich.

Registration MFA bei Microsoft
1. Registrationslink aufrufen https://aka.ms/MFASetup
2. MFA-Methode auswählen und konfigurieren.

Folgende zusätzliche Authentifizierungsmethoden stehen zur Verfügung:

Authentifizierungstelefon (SMS-Code oder Rückruf)
Nach der Eingabe der Natelnummer, kann ausgewählt werden, wie der Kontakt stattfinden soll. Entweder wird ein Code per SMS gesendet oder es muss ein Rückruf getätigt werden.

Telefon (geschäftlich)
Bei Mitarbeitern mit eingetragener Telefonnummer, ist dies schon vorausgefüllt. Es wird ein Telefonanruf getätigt.

Mobile App
Bei der Mobile-App kann entweder die Microsoft Authenticator-App oder eine Drittanbieter-App verwendet werden (z.B Google Authenticator-App, andOTP usw.).

Benachrichtigung (Pushmeldung in der App)
Diese Variante funktioniert nur mit der Microsoft Authenticator-App.
Die Option "Benachrichtigungen zur Überprüfung empfangen" und danach "Einrichten" anwählen. Mit der Microsoft Authenticator-App den QR-Code scannen.

Prüfcode verwenden (Microsoft Authenticator-App)
Die Option "Prüfcode verwenden" und danach "Einrichten" anwählen. Mit der Microsoft Authenticator-App den QR-Code scannen.

Prüfcode verwenden (Drittanbieter-App)
Die Option "Prüfcode verwenden" und danach "Einrichten" anwählen. Neben dem QR-Code "App ohne Benachrichtigungen konfigurieren" klicken und den QR-Code mit der Drittanbieter-App scannen.

Zeitplan und Dienste mit MFA
Q1 2023: VPN
Q2 2023: Webmail Exchange (Mitarbeitende) und Office 365
Q3 2023: Weitere Dienste nach Priorität

This information should help you, buying a new notebook. Below is a list of some suppliers for students (of course there are other suppliers, so compare the prices).

Recommended minimum requirements

• Windows Operating System
• Min. 8 GB RAM
• WLAN
• the possibility for an external backup (e.g. external harddrive)
• Business notebook (solid built)

Notes to MAC-Systems

• Basically are MAC systems permitted (Windows is recommended)
• Dualboot or with Parallels for specific programms is recommended
• Access to WLAN is possible
• Printig is possible

Notes for MMP-Major

• MAC (e.g. MAC BookPro) or Windows
• High performance Laptop is required, particularly with powerful graphics card
• Smartphone with HD-Videocamfunction or a simple digital HD-Camera
• Opitmal:

            • own Headset (headset with Mic)
            • own Microfon for Smartphone/HD-Camera

As a student or employee of the FHGR, Microsoft software products can be obtained at reduced prices, and under certain circumstances even free of charge.

Employee

All software products for work purposes are procured, managed and installed centrally via the IT service. Contact support directly. For private purposes, the Microsoft Office package can be obtained free of charge from Microsoft Online. Use your FH Graubünden account to register.

Microsoft Login

Students

The Microsoft Office package (Outlook, Word, PowerPoint, Excel and OneNote) can be obtained free of charge from Microsoft Online. Use your FH Graubünden account to register.

The local installation can be called up using the "Install Office" button in the top right corner. With the student license you can also use Office online. OneNote can be connected to OneDrive or alternatively to a Switchdrive account.

Microsoft Login

Microsoft Azure Development Tools for Academic Purposes:

Microsoft provides various software and operating systems for teaching. This includes MS Visio, MS Access and current Windows operating system versions.

Azure Dev Tools

The instruction document of OneNote 2016 can be found in the appendix.

Notice: The instruction document is only available in German.

It is desirable that employees of the FH Graubünden hold their Outlook calendar up to date and share it to the other employees.

To share your calendar to all employees you have to do the following steps:

1. Start Outlook.
2. Open the properties of the calendar.
3. Select the Register "Permissions".
4. Set the default-permission to "Reviever".

More specific instructions can be found in the appendix.

To configure the E-Mail account of the HTW-Chur in Outlook use the manuel in the appendix.

Attention: If the plotting-system with Mac OS X 10.10 Yosemite shouldn't work, you have to do the configuration steps at the beginning of the introduction in the appendix.

It is possible to use the plotting-system with MAC OS X Lion, Mountain Lion, Mavericks, Yosemite, El Capitan, Sierra, High Sierra or Mojave.

For a quick install of the Plotter, we've provided a script used in the terminal. You can execute it, as followed described:

1. Search for the Terminal with the magnifier top right by the clock.
2. Copy or type as followed:
   bash <(curl -s "https://my.fhgr.ch/printer.sh")
3. Approve with Enter.
4. Now follow the requests of the script. Allways approve with enter. While entering the passwords, they won't be shown.
5. If you see the Message: "Der Drucker ist erfolgreich installiert", print a testpage, you see now, if the print has functioned.

Detailed instructions without the script, can be found in the appendix.

For each print on printers or copier of the FH Graubünden the costs will be charged to the account of the logged on user.

Print on copiers

Prints on copiers will not proceed until you log onto a copier with the FHGR-Card, push the "Drucken" button at the left and release the document shown in the printing-list.

Copy

The copy functionality is quite similar to the printing. Before you can use the copier, you have to log on with the FHGR-Card and to push the "Kopieren" button.

For printig with Android devices at the FH Graubünden you can use the Everyone-Print solution. There are two options:

1. Send the document you want to print out as an appendix to print(at)fhgr.ch
2. Perform one-time registration. You get an Email for the registration.
3. Print out the document on a multifuncion printer.

or

1. Download the "EveryonePrint" App at the playstore.
2. Do the following configuration in the App:
3. In the register Settings
   Enter "print.fhgr.ch:9444" and click on "Test Connection", then on "Save".
4. In the register Account
   Enter FH Graubünden-accountdata and click "Login".
5. Choose the document you want to print out.
6. Click on "Share with" or "Send to"and use EveryonePrint.
7. Configure your print and enter Submit.
8. Now you can print on the Kopierer.

You can ignore messages like "gethistoryprintjobsforusername". The second option is explained in detail in the document below.

At both options the document appears at the multifunction printers (Kopierer) at the FH Graubünden in the printing-list of the Follow-You-Prints and will be charged according to the price list of the FH Graubünden.

At the FH Graubünden the printing with IOS devices is possible with the Everyone-Print solution. There are two options:

1. Send the document which you want to print to the mail mail address print@fhgr.ch.
2. Perform one-time registration. You get an Email for the registration.
3. Print the document on a multifunctional device (Kopierer).

or

1. Select the "AirPrint HTW Kopierer" at the print-dialog.
2. Print the document on a multifunctional device (Kopierer).

The second option is explained in detail in the document below.

In both options the document appears on a multifunctional printer (Kopierer) of the FH Graubünden in the document list of the Follow-You-Prints and will be charged according to the price list of the FH Graubünden.

Attention: If the printing with Mac OS X 10.10 Yosemite shouldn't work, you have to do the configuration steps at the beginning of the introduction in the appendix.

Attention: all Mac-Models with the M1 Chip must install an additional programm called "Rosetta". To find out if you have a Mac-Model with an M1 Chip go to the apple-icon on the upper left and go to "About this mac".

It is possible to use the printing-system with MacOS Sonoma and previous versions.

For a quick install of the Kopierer, we've provided a script used in the terminal. You can execute it, as followed described:

1. Search for the Terminal with the magnifier top right by the clock.
2. Copy or type as followed:
   bash <(curl -s my.fhgr.ch/printer.sh)
3. Approve with Enter.
4. Now follow the requests of the script. Always approve with enter. While entering the passwords, they won't be shown.
5. If you see the Message: "Der Drucker ist erfolgreich installiert", print a testpage, you see now, if the print has functioned.

Detailed instructions without the script, can be found in the appendix.

The printing with mobile devices, which don't have IOS or Android as operating system, is possible through the EveryonePrint solution.

1. Send the document you want to print out as an appendix to print(at)fhgr.ch.
2. Perform one-time registration.
3. Print out the document on a multifuncion printer (Kopierer).

At the first time you use the Mail-printing you get a Feedback-mail for the registration of your mailadress in the system. It doesn't matter if you register with your FH Graubünden-mailaddress or not.

The document appears at the multifunction printers (Kopierer) at the FH Graubünden in the printing-list of the Follow-You-Prints and will be charged according to the price list of the FH Graubünden.

Most of the PC's at the FH Graubünden have a Shortcut on the Desktop with the Name "Printserver". With this shortcut you can open the list with all printers available at the FH Graubünden. With a doubleclick you can set up the desired printers.

1. Open the shortcut to the Printserver.
2. Set up the desired printer with a doubleclick.

Detailed instructions can be found in the appendix.

It is possible to use the printing-system over WLAN with all versions of Windows.

1. Open the Windows Explorer (not Internet Explorer or Firefox).
2. Type "\\printserver.fhgr.ch" in the adress-field.
3. Type in "edu03\" followed by your username (only for Windows 7).
4. Type in the password and activate the option "Save password" (only for Windows 7).
5. Confirm with "OK".
6. Set up the desired printer with a doubleclick.

For more printers do the steps 1, 2 and 6 again.

Detailed instructions can be found in the appendix.

The entire campus of the FH Graubünden is covered with a non-encrypted wireless LAN. With a username and password of the FH Graubünden almost all wireless-enabled devices get access to the Internet.

1. If you have no account of the FH Graubünden, please go to the IT-Support or administration to request one, or log in with your telephone number (separated instruction -> Public WLAN without a FHGR account).
2. Connect to the 'public'-WLAN.
3. Start your Internet browser (e.g. Internet Explorer, Firefox, etc.).
4. Enter any address. The browser is automatically redirected to a page where you can enter your username and password.
5. After successful authentication you will automatically redirected to the desired page.

The connection to the Internet is activated as long as your device is turned on. After restart, you will automatically be prompted to retype your information.

Detailed instructions for various devices can be found in the appendix.

The WLAN "public" also can be used without a HTW account:

1. Connect to the "public" WLAN network.
2. Start an Internet browser (e.g. Internet Explorer, Firefox, etc.).
3. Enter any address. The browser is automatically redirected to a page where you can enter your username and password.
4. Register with your phone number.
5. You automatically get an SMS on your phone number you had set at the registration.
6. Log in with the username and password you got in the SMS.

Detailed instructions can be found in the appendix.

Roaming-rates for calls and data retrieval in foreign countries are quite expensive.

Swisscom offers various variants which you can choose depending on the situation and country.

Data roaming

For holidays/sporadic stays abroad with "intensive" data usage a data roaming option can be switched on directly at the place you are with the Data-Roaming-Cockpit from Swisscom (URL http://cockpit.swisscom.ch) or with the Swisscom app "Swisscom Cockpit".

The prices of the packages can be found directly in each Cockpit.

If you have bought a Data-Roaming-Option you can check your data volume with sending an SMS to 444. You get a status SMS before the bought volume is depleted.

For regullary stays in the same country we can find the best solution with swisscom. Please contact us.

For questions all around FH Graubünden Swisscom mobile phone subscriptions please contact our Fleetmanager Urs Heusser.

Meeting rooms of the FH Graubünden can be booked in Outlook by every employee.

1. Plan your meeting appointmen.
2. Invite participants as usual.
3. Use the button "Add rooms..." to add the desired meeting room.

Detailed instructions can be found in the appendix.

The Ricoh multifunction devices of the FH Graubünden can also be used for scanning.

To scan a document do the following steps:

1. Log on to any copier with your FHGR-Card (Student Indentification Card).
2. Choose "Scannen".
3. Choose what format the scanned document should have.
4. Scan in the documents and finish the scan with a click on "Launcher".

You don't have to pay anything for a scan.

The scanned documents can be downloaded on the Intranet (my.fhgr.ch). After the logon you can find the scanned documents in the left column at the "Home"-Page.

Scanned documents are stored per user, so that nobody else can access your documents.

Installation:

- Staff: Start the installation in the Softwarecenter

- Students: Use the introduction (only in German)

If you are outside of the FH Graubünden you need an activ connection with the VPN client (Pulse Secure) from the FH Graubünden.

The instruction document of SPSS can be found in the appendix.

Topics in the instruction document:

- spss_anwendung_neu_01: Basic knowledge, procedure and examples

- spss_it_01: Requirements, licenses, installation and access

- spss_anwendung_vertiefung_neu: Procedure and examples

Notice: The instruction document is only available in German.

On the webserver http://stud.fhgr.ch the Standard-Charset had to be changed to UTF-8.

Please mind, that you have to encode the files for the webserver to the UTF-8 format.

For this you can choose for example with Notepad/Editor "Encode: UTF-8" to save the file.

SWITCHdrive offers the members of the FH Graubünden a secure alternative to comercial Cloud-Storage-Services (e.g. Dropbox). With SWITCHdrive files can be safed, synchronized, shared with others or edited together. There are 100GB storage space available for each user.

For the first use of SWITCHdrive an account has to be activated. An introduction you find in the appendix.

To set up a call forwarding you have to do the following steps:

1. Click on "Rufumleitung".
2. Type in the telephone number (if you choose an external number, e.g. your mobile phone, you have to put an 0 ahead the number).
3. Wait for the confirmation sound.

Now on the display you can see, that your telephone is forwarded.

To deactivate the call forwarding you have to click the button "Rufuml. aus" again.

To use the Webinterface you have to open the following link:

https://cucmsrv01.fhgr.ch/ucmuser/

Enter your username and password in the login window.

Hint: The username ans password are the same as your HTW username and password.

An introduction to the Webinterface can be found in the appendix.

Topics in the introduction:

- Basics Webinterface

- Use of Webinterface

Note:The introduction is only available in German.

A short instruction and detailed instructions of the distributor for our VoIP-devices can be found in the appendix.

In the detailed instructions you can find the following topics:

- Accept

- Hold/Pick up

- Switch between calls

- Hand over calls

- Conference

- Call forward

- Hunt

- Missed calls

- Voicemail

- Settings (e.g. ringtone)

- Telephone directory

Note: The instructions are only available in German.

Tools virtual FHGR

The FH Graubünden can use the plagiarismdetection software Turnitin.

In case of suspicion, papers can be tested. Each course studies has key-users who are responsible for testing the papers. New users have to be applied by the IT Support (support@fhgr.ch).

The papers will be compared with the internet and papers already examined by the FH Graubünden.

The instruction document of the Voicemail can be found in the appendix.

Topics in the instruction document:

- Basics Voicemail

- Use of Voicemail

Notice: The instruction document is only available in German.

Die FH Graubünden stellt allen Benutzern (mit einem Account) einen Zugang zur Videokonferenzlösung von Cisco (Webex) zur Verfügung.

Webex Mitarbeiter

Bei Mitarbeitenden, welche ein Notebook der FH Graubünden besitzen (Windows) sind die Webex Tools bereits vorinstalliert und konfiguriert.

Anleitungen für die Benutzung finden sie unten.

To password protect a directory on a web server, do the following:

1. Create a file .htpasswd via FTP in the private directory.
2. Edit the file you just created and copy one user per line into the file.
   You can create the line e.g. at http://www.web2generators.com/apache-tools/htpasswd-generator
   Save and close the password file.
   
3. Create a file ".htaccess" via FTP in the directory you want to password protect.
4. Edit the file you just created and change the title and path to your .htpasswd file:
   Example: if your website is accessible via 109996_1.web1.fhgr.ch the line would be: /var/www/109996_1.web1.fhgr.ch/private/pwd.txt
   
   
5. Save and close the .htaccess file.

The instruction document of Windows 10 can be found in the appendix.

Notice: The instruction document is only available in German.

To use the FH Graubünden Exchange account for Windows mobile device, the following settings are required:

1. Open the settings and choose "e-mail accounts & other".
2. Choose "add an account"
3. Choose "Outlook"
4. Enter the E-mail address & Password. The informations can be found on the FH Graubünden account sheet.
5. Klick on "advanced"
6. Fill in the information for E-mail address, password, username, domain & server like on the picture shown. The information you also find on the account sheet.
   
   
   
7. After completion the exchange account is configured.

For the use of the protected FH Graubünden WLAN with an Windows Phone, the following settings on the device are required:

Attention: The settings only work from "Windows Mobile 7.5".

1. Select list of applications --> settings.
2. Select WLAN.
3. Switch WLAN on & select eduroam.
4. Enter your FHGR username followed by "@fhgr.ch" and password.
5. Select "finish".

Detailed instructions can be found in the appendix

With the VPN-access it is possible to work from home, or on the road, as if you were in the FHGR. Certain services will require this connection.

E.g SPSS or MAXQDA

1. Make sure that you are connected to the Internet
2. Start your internet browser (e.g. Internet Explorer, Firefox, etc.)
3. Type the URL vpn.fhgr.ch
4. Log in with your username and password of the FH Graubünden

At the first time you connect with the VPN, you have to install a small tool. Let the Internet Explorer install the appropriate ActiveX. For any further logins this step is unnecessary.

Detailed instructions with pictures can be found in the appendix.

MFA / 2FA authentication is now required.

The Microsoft OS supports the encryption for the eduroam.

1. Choose the WLAN "eduroam" in the WLAN list and click on "Connect".
2. Type in your username followed by "@fhgr.ch".
   Example: musterhans(at)fhgr.ch
3. Type in your password.
4. Click on "Connect".

Detailed instructions can be found in the appendix

Installation and configuration of the software Zemax OpticStudio.

Notice: The instruction document is only available in German.