Public PCs: Log Out or Lose Out

Do you regularly use one of the public Windows or Linux terminals in the CERN library or in front of the Users' Office? Or do you often give presentations or run meetings, workshops or conferences? Did you recently attend a training session in the CERN Training Centre? If you answered at least once with “yes”, we have a plea for you: LOG OUT when done in order to protect your data!

 

You might recall that CERN considers that “Your Privacy is Paramount”. But this does not come for free. In the few past months, we have received several reports from vigilant people who have spotted open user sessions on public PCs at CERN. Those users simply forgot to log out once their work, training or meeting was over. Their session continued without them being present. Worse, with CERN using a central Single Sign-On (SSO) portal, their login credentials would allow a malicious person at CERN to use those credentials to access that user’s mailbox, DFS files or EDH documents. Fortunately, no abuse has been reported so far. The aforementioned vigilant people were all kind enough to just silently log the users out of their sessions.
 
Remember: log out from your web browser after you have downloaded a presentation from INDICO or EDMS using your CERN password on a conference PC. Log out from your Vidyo session at the end of your conference call. Log out from your PC at the end of your training session or (should the session continue into the next day) lock the screen with a password. Log out from the public PCs in the CERN library or in front of the Users' Office when you are done with your work. Consider rebooting the PC if you cannot log out for some reason. Finally, log out for your colleagues if you find them still logged in. Please restrain your curiosity: attempting to misuse their credentials constitutes a direct violation of the CERN Computing Rules (OC5 III-15).

Check out our website for further information, answers to your questions and help, or write to Computer.Security@cern.ch.

If you want to learn more about computer security incidents and issues at CERN, just follow our Monthly Report.


Access the entire collection of Computer Security articles here.

by Computer Security Team