Computer Security: professionalism in security, too

At CERN, we apply a great deal of dedication and professionalism to all the work we do. This is necessary because of the complexity and sophistication of the devices we deal with. However, when it comes to computer security, we can all agree that there is room for improvement.

 

In some cases, we’ve observed devices that are connected to our Intranet networks without an adequate level of protection. Also, so that it can be shared easily with peers, information is often disclosed on public webpages, sometimes without appropriate consideration of important security-related aspects. Program code is lost because proper version control or central storage systems are not used. Systems are brought down by “finger trouble”, confusing the right and wrong IP addresses. Software or system development is done directly on production devices, impinging on their proper operation up to the point where the system grinds to a halt. Applications full of useful features lack adequate security reviews and fail simple penetration tests or security scans.

So, what about applying more professionalism to the realm of computer security? Ask yourself! If you think your service or system deserves a security review, your data might be insufficiently protected, your devices might lack resilience or robustness, or your access or development procedures might be sub-optimal and need to be better secured, then let us help you. Also, if there are general principles that require more attention with regard to security, let us know. For example, critical system configurations and settings, including remote access to essential computing services or control systems, should be protected by well-thought-out (and not commonly used) passwords.

If you have any doubts, why not let us help? We can probe your applications and improve access protection for critical or precious devices and systems. We can improve the resilience of software programs, straighten out development processes and reduce the risk of misconfiguration.


For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report.


Access the entire collection of Computer Security articles here.

by Stefan Lueders, Computer Security Team