1. To review and strengthen the emergency response, system recovery, coordination and control capabilities of national and private colleges and universities in the education system when facing information security incidents in the information system, to review the overall information security protection measures of the education system, and to discuss information security Protective and diligent actions.

2. Important notes on the information security attack and defense drill plan:
   2.1 The total period of the exercise: May 2024 to December 2024
   2.2 Exercise period: working days from July 2024 to September 2024, a total of 3 months
   2.3 Exercise objects: National colleges and universities (47 in total) and private colleges and universities (2 in total), a total of 49 institutions in total.
   2.4 Target scope: Use the organization name, domain name (DN) or network address (IP) of the exercise unit, and use a service-oriented webpage that can be connected through the external Internet. All findings during the exercise will be reported and fully listed. Scored.

3. All units (including administrative, teaching units, and laboratories) are requested to take inventory of the websites, systems, and services open to outside the school.

4. Security protection steps for information open to off-campus users:
   4.1 Regular off-site backup of important data on the website, system and services is required.
   4.2 Confirm whether the operating system, website software, and service software are the latest safe versions. (Example: Windows Update)
   4.3 If the NAS users are all teachers and students on campus, please apply for a VPN connection on campus and do not open the IP to connect from outside the campus.
   4.4 If you need remote desktop connection to the campus host, please apply for an on-campus VPN connection. Do not open the IP to connect from outside the campus.
   4.5 For websites, systems, and services that provide off-campus connections, if funds allow, it is strongly recommended to purchase a hardware firewall, set the port numbers that need to be opened, and block other port numbers to improve security protection.
   4.6 In accordance with the requirements of the Ministry of Education and relevant regulations, websites, systems, and services (NAS) open to off-campus must use Transmission Security Protocol (HTTPS) for transmission.

5. For more question about information security, please directly consult with Computer Center, at rogeryu@mail.ntust.edu.tw or applechang@mail.ntust.edu.tw