Computer Security: “Hello World” - Welcome to CERN
Welcome to the open, liberal and free academic computing environment at CERN. Thanks to your new (or long-established!) affiliation with CERN, you are eligible for a CERN computing account, which enables you to register your devices: computers, laptops, smartphones, tablets, etc. It provides you with plenty of disk space and an e-mail address. It allows you to create websites, virtual machines and databases on demand.
You can now access most of the computing services provided by the GS and IT departments: Indico, for organising meetings and conferences; EDMS, for the approval of your engineering specifications; TWiki, for collaboration with others; and the WLCG computing grid.
“Open, liberal, and free”, however, does not mean that you can do whatever you like. While we try to make your access to CERN's computing facilities as convenient and easy as possible, there are a few limits and boundaries to respect. These boundaries protect both the Organization's reputation and CERN's computing facilities - including your computing account, your devices, and your data and documents.
Along with your CERN computing account comes responsibility. You are, in the first instance, responsible for securing and protecting your account, your devices, your data, your services and the systems you run. You must also follow the CERN computing rules. These are supposed to be permissive enough not to inhibit your professional work but general enough for us to be able to fulfil our mandate to protect the Organization’s operations and reputation.
Let us recall your main duties:
- Protect your computers. Use them in a responsible fashion and always keep them all up-to-date. “Windows Update”, “Apple Update”, and “yum autoupdate” are your friends. Enable them and let them run in the background. For the “Windows” and “MacOS” operating systems, you can even get CERN’s antivirus solution for free - both at CERN and at home! For more details, see here.
- Be careful with e-mail and the web. Not everything you see is what it seems. “Stop and Think” before you click on random web links. If you don’t know or trust its origin, your computer might end up being infected. This is also the case when installing random “programs”, “add-ons” or “plugins” downloaded from the Internet. You need to trust their sources - and even then, you might compromise your operating system. Also refrain from opening attachments to e-mails that do not seem to be for you (addressed to someone else, you don’t know the sender, etc.) or look suspicious (not in your language, typos, factual errors, does not come from the usual address or domain, etc.).
- Protect your password. Your password is yours and yours alone. Please do not share it with anyone, not even your supervisor, the ServiceDesk, or the Computer Security Team. Keep it secret, like your bank account’s PIN. And be inventive: make your password complex so that it cannot be easily guessed. Dictionary words in any language fail. Mathematical formulas are great! Some hints can be found here.
- Protect your files and data. The world is watching CERN. If you work on sensitive or restricted documents, make sure that only people who “need to know” can access them. If you value your privacy, also make sure that your personal documents are properly protected! All major CERN storage systems (AFS, Alfresco, CDS, DFS, EDMS, INDICO, Sharepoint, etc.) have facilities for restricting and controlling access. Some documents, e.g. those on the AFS Workspaces, might be “public” by default! Check the CERN Data Protection Policy for details.
- Respect copyright. The violation of licences and copyright is a major offence, and also threatens CERN's excellent reputation and integrity. Make sure you have the valid rights to run the software installed on your devices. If you inherited the device from someone else, the time to check is now. Note that any financial liability for copyright violation might be passed on to you, and such a liability might easily be as much as the price of a car!
- Follow the CERN Computing Rules. Just be reasonable - do not be aggressive, racist, discriminatory or unfair! Note that CERN tolerates your use of its computing facilities for private activities, so long as these are not political or commercial and do not violate any laws. And, ladies and gentlemen, please refrain from browsing pornographic websites. Besides the reputational impact on the Organization, it is awkward if somebody discovers you doing this or if you receive an e-mail from us asking you to justify your porn browsing habits…
Finally, please recall that these simple duties will enable you to work safely with your computers, both at CERN and at home. Just as you care for your safety in the physical world (when talking to people, crossing the road or driving your car), take care in the digital world when chatting and browsing on the Internet or using software applications!
For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report.
by Stefan Lueders, Computer Security Team