Computer Security: you’re a summer student? Some tips to get you started

Welcome to CERN. For the next couple of weeks, you will be able to breathe in the free academic world of CERN. You will have the chance to learn thanks to in-depth lectures, enjoy the freedom of exploring your preferred or assigned research topic, and form your own network of peers during your evening hours. However, “academic freedom” does not imply that there are no boundaries. At CERN, academic freedom also comes with responsibility. Below are some hints on how best to assume that responsibility securely.


 

You are the primary person responsible for the security of your laptop, smartphone and computer; for your account and your password; for your data; and for the programs, computing systems and services you are developing, so stop and think before acting. If you are working on a project developing code, get the appropriate training first so that your software is “free” of bugs and vulnerabilities that may spoil the functionality of your code and your program. If you have been asked to set up a database or a webserver, consider the offerings of CERN’s IT department first*: they provide a database-on-demand service as well as different web services for free. No need to mess around with hardware, operating systems, web servers and the like – simply create your webpages! Also note that employing external services (i.e. web services outside CERN) is not recommended from a computer security perspective. If you are in doubt or need help designing and structuring the computing part of your project, get in touch with us at Computer.Security@cern.ch. For those of you who are engaged in mathematical simulations, engineering tasks or designing control systems: CERN provides a portfolio of engineering applications for free. There is no need to download additional software from the Internet. If you do need to, contact Software.Licences@cern.ch first as that software might come with license costs or may violate copyrights of third parties.

Talking about rules and copyright violation… although listening to music or watching videos is subject to the agreement between you and your supervisor, note that sharing videos, music or software packages via torrents or other means usually violates copyrights of third parties and hence is not permitted. CERN regularly gets complaints from those companies and if you are not ready to pay their infringement fees, you’d better make sure now that you legitimately own that video/music/software, and that any sharing applications (e.g. Bittorrent) are disabled. You must also comply with CERN’s Code of Conduct and the CERN Computing Rules. The latter stipulates that the personal use of CERN’s computing infrastructure is tolerated as long as impact is kept minimal and all activity is legal, not offensive and not of commercial nature. And gentlemen, ladies: the browsing of porn sites is considered inappropriate. If you want to spare yourself an embarrassing conversation with us, just don’t do it.

Finally, think of your laptop and PC here at CERN and at home: make sure that it is happy and healthy. Allow it to update itself by enabling “Windows Update”, Mac “Software Update” or Linux’s “yum auto-update”, and get decent free anti-virus software for your Windows computer or Mac! Take care when browsing the web – not everything is as it seems, and a bad infection of your computer might require a full reinstallation. So, if in doubt, STOP - THINK - DON’T CLICK. Good luck, and have a fun summer!!!

*The full catalogue is available here.


For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report


Access the entire collection of Computer Security articles here.

by Stefan Lueders, Computer Security Team