CERN: Computing updates https://home.cern/ en Computer Security: Catch me if you can https://home.cern/news/news/computing/computer-security-catch-me-if-you-can <span>Computer Security: Catch me if you can</span> <div class="field field--name-field-p-news-display-body field--type-text-long field--label-hidden field--item"><figure class="cds-image align-right" id="CERN-HOMEWEB-PHO-2022-104-1"><a href="//cds.cern.ch/images/CERN-HOMEWEB-PHO-2022-104-1" title="View on CDS"><img alt="home.cern,Computers and Control Rooms" src="//cds.cern.ch/images/CERN-HOMEWEB-PHO-2022-104-1/file?size=large" /></a><figcaption><span>(Image: CERN)</span></figcaption></figure> <p>The Zebra Scientific Alliance has been compromised; hit hard by an attacker. Zebra’s IT experts and computer emergency response teams are on the prowl, trying to get to the bottom of the malicious deeds. The scenario is opaque. Details are unclear. Log files are missing. Time is running out. Pressure rises. Police is pushing. Journalists are inquiring. And nothing is as it seems.</p> <p>Fortunately, Zebra is not real. Fortunately, nobody has been attacked here. Fortunately, this is just a table-top exercise for system administrators, computing personnel and security experts to better understand the complexity of today’s IT sphere, the interconnectivity of data centres and the problems that can arise when resolving large-scale cyber-security incidents. A mysterious, but serious, crime, for which teams have to join forces. In order to save the Zebra Scientific Alliance from disaster. To protect its reputation. To enable research to resume quickly. And to find the culprit who has put Zebra’s mission at risk.</p> <p>The exercise has been designed to depict the complexity of real computer security incidents as handled in the past by the CERN, EGI and WLCG computer incident response teams (CSIRTs). Usually, such incidents are vast, involving lots of different partners, several physically distant sites and administrators responsible for different layers of the local software stack, like the operating system, web application and databases. Some administrators might not understand or know what is running within their data centre, others are busy with daily operations and reluctant to help, and others might not even speak or understand your language. Local computer emergency response teams might lack the necessary skills or tools or simply do not exist. Access and system logs are usually incomplete and almost certainly distributed such that they would need to be gathered together to have a more holistic picture of what goes on. Attackers are using their skills to further obfuscate this picture, trying to hide their traces, manipulate or purge logs and sabotage any incident investigation in order to avoid getting caught. And management is pressing to get that incident resolved so that personnel resources can focus on their core work again and computing services can resume operations.</p> <p>In summary, large-scale computer security incident response is stressfully fun. This exercise will bring that fun to you. Teaching you the inherent problems of incident response. Making you aware of the struggles involved. And pointing you towards ways that we all can do better.</p> <p>So, stay tuned. Zebra will soon be coming to a theatre at CERN too, looking to recruit people with a bit of an IT or security background to participate in this table-top exercise designed to promote better understanding of large-scale incident response. Sign up to get the call at cert-info@cern.ch (<a href="https://e-groups.cern.ch/e-groups/EgroupsSubscription.do?egroupName=cert-security-info">https://e-groups.cern.ch/e-groups/EgroupsSubscription.do?egroupName=cert-security-info</a>).</p> <p>______</p> <p><em>Do you want to learn more about computer security incidents and issues at CERN? Follow <a href="https://cern.ch/security/reports/en/monthly_reports.shtml">our Monthly Report</a>. For further information, questions or help, check <a href="https://cern.ch/Computer.Security">our website</a> or contact us at Computer.Security@cern.ch.</em></p> </div> <span><span lang="" about="/user/151" typeof="schema:Person" property="schema:name" datatype="">anschaef</span></span> <span>Wed, 05/25/2022 - 12:46</span> <div class="field field--name-field-p-news-display-byline field--type-entity-reference field--label-above"> <div class="field--label"><b>Byline</b></div> <div class="field--items"> <div class="field--item"><a href="/authors/computer-security-team" hreflang="en">Computer Security team</a></div> </div> </div> <div class="field field--name-field-p-news-display-pub-date field--type-datetime field--label-above"> <div class="field--label"><b>Publication Date</b></div> <div class="field--item"><time datetime="2022-05-12T10:41:51Z">Thu, 05/12/2022 - 12:41</time> </div> </div> Wed, 25 May 2022 10:46:28 +0000 anschaef 182618 at https://home.cern Computer Security: Spot the difference? https://home.cern/news/news/computing/computer-security-spot-difference <span>Computer Security: Spot the difference?</span> <div class="field field--name-field-p-news-display-body field--type-text-long field--label-hidden field--item"><p>That was a close call. 100 kCHF. In three tranches. Invoiced to two different partner institutes. But with banking details that are not CERN’s. Due to, presumably, one unfortunate click. Due to a subsequently compromised email account. And the actions of criminals trying to extort money. Fortunately, vigilance on the payer’s side prevented any harm.</p> <p>We have repeatedly published articles on “<a href="https://home.cern/news/news/computing/computer-security-vigilance-and-calmness">phishing</a>” and the risks when browsing the web or opening emails. STOP – THINK – DON’T CLICK is still the mantra to follow. When <a href="http://home.cern/news/news/computing/computer-security-email-senders-pretence-vs-reality">receiving emails</a>, WhatsApp messages or even <a href="https://home.cern/news/news/computing/computer-security-phishms">SMSs</a> with embedded links or attachments, or when photographing <a href="https://home.cern/news/news/computing/computer-security-check-me-comes-scan-me">QR codes</a>. But we are humans, ergo not perfect. And as <a href="http://home.cern/news/news/computing/computer-security-truth-lies-url">our clicking campaigns</a> of the past have shown, around 20% of us fail to spot a malicious email and go ahead and open it… Like in this real case. An example for us all of why it’s important to remain vigilant and careful!</p> <p>Presumably, it all started with an unfortunate click. One click, which gave the attackers access to their innocent victim. With that access, and a plan already in mind, they trawled through the victim’s mailbox hunting for “juicy” stuff. Like emails they could monetarise on. And, bingo, they found invoices since this is their victim’s job: invoicing. Sending invoices to partner institutes and universities. Invoices that the attackers could use for their criminal deeds. To avoiding being spotted, they made sure that any future communication about their deeds remained hidden. So-called “mail routing rules” configured in the victim’s mailbox ensured that any criminal mails landed not in the inbox but in a folder hidden in the “junk email” compartment. Who checks their junk folder? The attackers even created a fake domain, “CERN-CH.COM”, in order to have an independent channel to monitor communication. With the scene set, they were ready to reap their rewards.</p> <p>“We are suspending all transactions on our old accounts, due to internal audit and tax review.” That was the email sent to two, and only, two institutes on the victim’s behalf. Attached was the new invoice. Take a look at the new and the old invoices below. Can you spot the difference?</p> <figure class="cds-image" id="CERN-HOMEWEB-PHO-2022-080-2"><a href="//cds.cern.ch/images/CERN-HOMEWEB-PHO-2022-080-2" title="View on CDS"><img alt="home.cern,Computers and Control Rooms" src="//cds.cern.ch/images/CERN-HOMEWEB-PHO-2022-080-2/file?size=large" /></a> <figcaption> </figcaption></figure> <figure class="cds-image" id="CERN-HOMEWEB-PHO-2022-080-1"><a href="//cds.cern.ch/images/CERN-HOMEWEB-PHO-2022-080-1" title="View on CDS"><img alt="home.cern,Computers and Control Rooms" src="//cds.cern.ch/images/CERN-HOMEWEB-PHO-2022-080-1/file?size=large" /></a> <figcaption> </figcaption></figure> <p>Indeed, the criminals tampered with the invoices and modified them in such a way that money would be transferred not into CERN’s bank account with UBS (“CH93”) but into their pockets in Spain (“ES02”). The trap would have worked if the other side – the payer who was supposed to settle the bill – hadn’t been vigilant and mistrustful. Fortunately, they were! But, as the criminals controlled the victim’s mailbox, initial questions raised by the payers were refuted by the criminals. They tried to convince the payer that everything was in order. That the invoices were genuine. That the new IBAN was valid. That the payers should just settle the invoice… Fortunately, again, the email back-and-forth added more people to the conversation, which triggered alerts on both sides. Enter CERN Finance. Enter CERN Computer Security. Full stop. For the criminals.</p> <p>Further investigations revealed their machinations as described above. Fortunately, no damage was done. No other institutes were involved. And no more invoices were tampered with. The malicious domain “CERN-CH.COM” and the malicious IBAN “ES02” have been disabled by our partners in the security community and in law enforcement.</p> <p>This episode shows, once again, why vigilance when opening emails, attachments or links is of the utmost importance – in particular when dealing with critical services, invoices and payments. Using, as happened in this case, a communication channel other than emails in order to check the validity of bank information changes, ideally with contact people who are already known and familiar, is definitely best practice. Also, using the four-eyes principle, whereby two people – two accounts – are required to validate invoices and payments is advantageous. Finally, and more generally for anyone dealing with sensitive emails and critical services, the planned deployment of two-factor authentication (“2FA”; “<a href="https://home.cern/news/news/computing/computer-security-log-click-be-secure">Log in. Click. Be secure</a>”) would also have helped, as this would have stopped the victim’s account being compromised in the first place. Hence, once more, STOP – THINK – DON’T CLICK!, and consider joining the 2FA pilot. Just drop an email to Computer.Security@cern.ch.</p> <p>_______</p> <p><em>Do you want to learn more about computer security incidents and issues at CERN? Follow <a href="https://cern.ch/security/reports/en/monthly_reports.shtml">our Monthly Report</a>. For further information, questions or help, check <a href="https://cern.ch/Computer.Security">our website</a> or contact us at Computer.Security@cern.ch.</em></p> </div> <span><span lang="" about="/user/151" typeof="schema:Person" property="schema:name" datatype="">anschaef</span></span> <span>Tue, 05/10/2022 - 11:48</span> <div class="field field--name-field-p-news-display-byline field--type-entity-reference field--label-above"> <div class="field--label"><b>Byline</b></div> <div class="field--items"> <div class="field--item"><a href="/authors/computer-security-team" hreflang="en">Computer Security team</a></div> </div> </div> <div class="field field--name-field-p-news-display-pub-date field--type-datetime field--label-above"> <div class="field--label"><b>Publication Date</b></div> <div class="field--item"><time datetime="2022-05-10T09:42:25Z">Tue, 05/10/2022 - 11:42</time> </div> </div> Tue, 10 May 2022 09:48:50 +0000 anschaef 182529 at https://home.cern Computer Security: Log in. Click. Be secure https://home.cern/news/news/computing/computer-security-log-click-be-secure <span>Computer Security: Log in. Click. Be secure</span> <div class="field field--name-field-p-news-display-body field--type-text-long field--label-hidden field--item"><p>The ultimate silver bullet to protect your account, computer and data is using a sufficiently complex and unique password combined with a second-factor token, i.e. in addition to the password you know, something you have, like your smartphone or a hardware token. This authentication process is known as two-factor authentication (“2FA”). It presents a huge hurdle for any attacker, as they would need to not only acquire your password, which can be achieved virtually (“<a href="https://home.cern/news/news/computing/computer-security-cern-has-been-phished-again">CERN has been phished again</a>”), but also physically steal your hardware token. As announced in the <em>Bulletin</em> of November 2021 (“<a href="https://home.cern/news/news/computing/computer-security-multifactor-masses">Multifactor for the masses</a>”), CERN is ready to roll out 2FA for part of the CERN community in the second quarter of 2022. Log in. Click. Be secure.</p> <p>In 2020, CERN focused on rolling out 2FA for experts needing to access and administer certain computing services, i.e. those with access to critical control systems (e.g. via the BE department’s ROGs), IT systems (e.g. using Foreman) or sensitive data. However, this led to confusion among many users on when to use just their password and when to use multi-factor authentication. Also, this did not take full advantage of two-factor authentication, as thorough, coherent and profound 2FA deployment is seen as the silver bullet for achieving account security (as already employed by your bank and, possibly, used by you outside CERN).</p> <p>Hence, as of the second quarter of 2022, using two-factor authentication when logging into any CERN web application will become mandatory for those aforementioned experts given their critical powers and the critical nature of their accounts. As of then, CERN’s new web-based Single Sign-On (SSO) portal will require them to authenticate with both their password and their second factor for any website behind CERN’s new web-based SSO*, regardless of whether it is to access a critical control system, administer a very important computing service or just browse the CERN phonebook or any other webpage behind the SSO.</p> <p>Two hardware tokens are currently supported:</p> <ul> <li>a dedicated one-time password generation app for smartphones – making that smartphone the second hardware token – or</li> <li>a physical USB token (e.g. “Yubikey”) that uses a CERN-dedicated private/public keypair (<a href="https://webauthn.guide/">https://webauthn.guide/</a>) for the second authentication step.</li> </ul> <p>Once authenticated correctly, work will continue as normal, as browser sessions will <a href="https://auth.docs.cern.ch/user-documentation/time-limits">stay active for 12 hours</a> or until the browser is closed, or another browser/device is used. This would give those experts, their accounts, their data and applications and – ultimately – CERN the best protection against identity theft and password exposure.</p> <p>People who are using CERN computing facilities “only” for their research duties and scientific endeavours are not affected by this new feature deployment but are still invited to opt in through <a href="https://users-portal.web.cern.ch/">the IT User Portal</a>, and we hope that as many people as possible value their protection highly enough to take this additional step – a step that is common when accessing your bank account, for instance.</p> <p><strong>Roll out of this “2FA-WithNewSSO” (“2FA-WINS”) feature has started</strong> and will pursue in a staged approach commencing today for all volunteers interested in better securing and <a href="https://home.cern/news/news/computing/computer-security-protect-your-family">protecting their account and digital life</a>. Just subscribe to <a href="https://e-groups.cern.ch/e-groups/EgroupsSubscription.do?egroupName=2fa-always-on-volunteers-sso">this e-group</a> to join. For members of the CERN IT department, the usage of 2FA-logins on CERN’s new web-based SSO will become mandatory during Q2 2022, and, subsequently, followed by all experts holding critical access in the course of summer 2022. Check out all the details (like how to activate 2FA or what to do if you lose it) on <a href="https://security.web.cern.ch/recommendations/en/2FA.shtml">our dedicated webpage</a>. Log in. Click. Be secure.</p> <p> </p> <p><em>*Non-web-based applications, like SSH bastion hosts, will continue to require 2FA only on a case-by-case basis. Similarly, logins via the old SSO are not affected as this old service is supposed to be phased-out.</em></p> <p>_____</p> <p><em>Do you want to learn more about computer security incidents and issues at CERN? Follow our <a href="https://cern.ch/security/reports/en/monthly_reports.shtml">Monthly Report</a>. For further information, questions or help, check <a href="https://cern.ch/Computer.Security">our website</a> or contact us at Computer.Security@cern.ch.</em></p> </div> <span><span lang="" about="/user/151" typeof="schema:Person" property="schema:name" datatype="">anschaef</span></span> <span>Mon, 04/25/2022 - 14:56</span> <div class="field field--name-field-p-news-display-byline field--type-entity-reference field--label-above"> <div class="field--label"><b>Byline</b></div> <div class="field--items"> <div class="field--item"><a href="/authors/computer-security-team" hreflang="en">Computer Security team</a></div> </div> </div> <div class="field field--name-field-p-news-display-pub-date field--type-datetime field--label-above"> <div class="field--label"><b>Publication Date</b></div> <div class="field--item"><time datetime="2022-04-25T12:48:02Z">Mon, 04/25/2022 - 14:48</time> </div> </div> Mon, 25 Apr 2022 12:56:05 +0000 anschaef 182179 at https://home.cern Building work for CERN’s new data centre in Prévessin begins https://home.cern/news/news/computing/building-work-cerns-new-data-centre-prevessin-begins <span>Building work for CERN’s new data centre in Prévessin begins</span> <div class="field field--name-field-p-news-display-body field--type-text-long field--label-hidden field--item"><p>On Friday, 22 April, a special ceremony was held to mark the beginning of construction of CERN’s new data centre. The CERN Data Centre in Prévessin will come online during the final quarter of 2023. This new, energy-efficient facility will play a vital role in meeting the computing needs generated by the ambitious upgrade programme for the <a href="https://home.cern/science/accelerators/large-hadron-collider">Large Hadron Collider</a> (LHC).</p> <p>When the <a href="https://home.cern/science/accelerators/high-luminosity-lhc">High-Luminosity LHC</a> (HL-LHC) comes online in 2029, the total computing capacity required by the experiments is expected to be ten times greater than today. Some of this shortfall will be filled by harnessing new, cutting-edge technologies and techniques: today, projects are examining how code can be modernised, how to capitalise fully on heterogeneous computing architectures, and how to benefit from the use of machine- and deep-learning approaches. Nevertheless, a significant increase in computing resources will be required.</p> <p>“Computing is central to CERN’s mission,” says Charlotte Warakaulle, CERN Director for International Relations, who participated in the first-stone ceremony for the new data centre. “It turns data into knowledge, helping physicists unlock the secrets of the universe.”</p> <p>The CERN Data Centre in Prévessin will provide computing resources up to a total electrical power requirement of 12 megawatts. These resources will be delivered in three phases. Each phase corresponds to one of the three floors of the new data centre, with the first phase set to run from 2023 to 2025. It will see computing resources requiring up to 4 megawatts of electrical power installed; this is approximately the same as the power of the current CERN Data Centre in Meyrin for computing (excluding cooling).</p> <p>The CERN Data Centre in Meyrin will continue to run in parallel, with a particular focus on data storage. Together, the two data centres will form the heart of the Worldwide LHC Computing Grid (WLCG), the global computing network used to analyse and store data from the LHC experiments. Today, the WLCG consists of 170 computer centres in 42 countries that formally pledge computing resources. Together with tens of additional computer centres that contribute on other terms, they have been able to provide up to 1.4 million computer cores and 1.5 exabytes of storage.</p> <p>Energy efficiency is at the core of the new data centre’s design; CERN's Procurement Service paid special attention to including sustainable solutions for the new building. CERN aims for the new data centre to have a power usage effectiveness (PUE – an indicator used for measuring the energy efficiency of a data centre) of around 1.1. To put this in context, the global average PUE for large data centres is around 1.5, with new data centres typically achieving a PUE between 1.2 and 1.4 (the closer to 1.0, the better the PUE score). The PUE of the CERN Data Centre in Meyrin is about 1.5.</p> <figure class="cds-image" id="CERN-HOMEWEB-PHO-2022-067-1"><a href="//cds.cern.ch/images/CERN-HOMEWEB-PHO-2022-067-1" title="View on CDS"><img alt="home.cern,Sites and Aerial Views" src="//cds.cern.ch/images/CERN-HOMEWEB-PHO-2022-067-1/file?size=large" /></a> <figcaption>An artist’s impression of the CERN Data Centre in Prévessin. The facility will consist of three floors, to be progressively filled with computing equipment over the first ten years of operation.<span> (Credit: + IMGS – Rocco Valantines)</span></figcaption></figure> <p>The CERN Data Centre in Prévessin will make use of the latest cooling technologies and will recuperate heat energy for warming other buildings on site. During the data centre’s first phase of operation, the majority of the rejected heat will be recovered. Projects for using this are now under consideration, with the target of bringing them online during this first phase.</p> <p>“We’re proud that our new data centre will achieve the highest levels of energy efficiency,” says Enrica Porcari, Head of the CERN IT department. “This helps us to keep costs down and fulfil our commitment to protecting the environment.”</p> <p>Enrica Porcari and Charlotte Warakaulle were joined at the first-stone ceremony by Pippa Wells, CERN Deputy Director for Research and Computing, and Wayne Salter, leader of the project behind this new data centre. They were also joined by representatives of the companies that will be responsible for building the new data centre and operating it for the first ten years. Together, the group placed a time capsule into the building, containing a microprocessor, the signed contract for the new data centre and a photo of members of the IT department in 2022.</p> </div> <span><span lang="" about="/user/21331" typeof="schema:Person" property="schema:name" datatype="">thortala</span></span> <span>Fri, 04/22/2022 - 16:05</span> <div class="field field--name-field-p-news-display-byline field--type-entity-reference field--label-above"> <div class="field--label"><b>Byline</b></div> <div class="field--items"> <div class="field--item"><a href="/authors/andrew-purcell" hreflang="en">Andrew Purcell</a></div> </div> </div> <div class="field field--name-field-p-news-display-pub-date field--type-datetime field--label-above"> <div class="field--label"><b>Publication Date</b></div> <div class="field--item"><time datetime="2022-04-22T14:03:48Z">Fri, 04/22/2022 - 16:03</time> </div> </div> Fri, 22 Apr 2022 14:05:10 +0000 thortala 182019 at https://home.cern Computer Security: Email equals letters https://home.cern/news/news/computing/computer-security-email-equals-letters <span>Computer Security: Email equals letters</span> <div class="field field--name-field-p-news-display-body field--type-text-long field--label-hidden field--item"><p>The old folks among us might still remember. Taking out a sheet of plain white paper. Or glossy. Handcrafted. With structure. Or elegantly, perfectly white. 80 g. 120 g. 240 g. And a pencil, a ballpoint pen or even a fountain pen. Sharpening it. Filling its reservoir with ink. Also sharpening the mind. Filling it with ideas. A message. To a loved one. Putting those thoughts to paper. Joined-up handwriting. In one flowing line. Right down to the “Yours truly” and the signature. A work of art. With compassion. Finished off with a proper envelope. Tasting the weird flavour of the glue when pasting it shut. Maybe even sealing it with wax. And finalising it with the name and address of its destination. Possibly indicating the sender. The good old days. Writing letters.</p> <p>Much of this has been lost when moving to digital letters. Aka emails. No paper. No pencil. And definitely often also a huge lack of sharpness of mind. Thoughts. Devotion. Just a hack on the keyboard. Cold. Emotionless. With only its speed and the lack of a need to lick the envelope as advantages. And the former could even be disputed. It’s unfortunate that the romanticism of writing letters got lost in emails.</p> <p>Even more unfortunate, however, is the fact that emails still follow the technical principles of letters: while the recipient’s address must be 100% correct to arrive safely at its destination, the sender can be whomever you fancy. Your name (if you’re an honest soul). The name of your neighbour (whom you despise). Donald Duck at Disneyland, Paris (funny, funny!). The same name as the recipient (to confuse them?). That of the tax authorities (to scam). Or just left out (total anonymity if you don’t happen to send it from your standard mail client). In short, email senders can be spoofed. They don’t tell you anything about the sender. Nothing. Nichts. Nada. Rien.</p> <p>When receiving an email, therefore, please don’t rely on the supposed sender. Rely on the overall package. Its contents. The thoughts and romanticism, if any, put into its words. Their meaning. The way they connect to you. Your being. Your personal life. Your professional duties. Is there a resonance? A correspondence? Is it in a language you speak? Or, quite simply, does the email make sense to you? Please note that J. Bieber and B. Spears will not send around nude pictures of themselves. That your ex-spouse is very unlikely to still send you love letters. That no legitimate firm will ask you to reply with your password. That you will never receive a valid invoice from a company with which you do not have any contractual engagement. And if the sender is pressing you hard, asking for money, with tight deadlines (“Please speed up the payment immediately”), or confronting you with embarrassing information (“I know you love watching porn”), you should definitely hold fire!</p> <figure class="cds-image" id="CERN-HOMEWEB-PHO-2022-054-1"><a href="//cds.cern.ch/images/CERN-HOMEWEB-PHO-2022-054-1" title="View on CDS"><img alt="home.cern,Computers and Control Rooms" src="//cds.cern.ch/images/CERN-HOMEWEB-PHO-2022-054-1/file?size=large" /></a> <figcaption> </figcaption></figure> <p>In all these cases, STOP – THINK – DON’T. DON’T REPLY (in particular don’t reply with your password). DON’T OPEN attachments. DON’T CLICK on embedded links. Tame your curiosity. Delete those mails. It’s better to be safe than sorry. And if in doubt, just check with us at Computer.Security@cern.ch.</p> <p>Remember the good old paper letters. Only if they touched your heart did you file them away with your keepsakes. As a souvenir. Forever. All the others were destroyed or went unanswered. Maybe the time has come to take out paper and pen, sharpen your mind and send some romantic words to your beloved?</p> <p>________</p> <p><em>Do you want to learn more about computer security incidents and issues at CERN? Follow <a href="https://cern.ch/security/reports/en/monthly_reports.shtml">our Monthly Report</a>. For further information, questions or help, check <a href="https://cern.ch/Computer.Security">our website</a> or contact us at Computer.Security@cern.ch.</em></p> </div> <span><span lang="" about="/user/151" typeof="schema:Person" property="schema:name" datatype="">anschaef</span></span> <span>Tue, 04/05/2022 - 11:10</span> <div class="field field--name-field-p-news-display-byline field--type-entity-reference field--label-above"> <div class="field--label"><b>Byline</b></div> <div class="field--items"> <div class="field--item"><a href="/authors/computer-security-team" hreflang="en">Computer Security team</a></div> </div> </div> <div class="field field--name-field-p-news-display-pub-date field--type-datetime field--label-above"> <div class="field--label"><b>Publication Date</b></div> <div class="field--item"><time datetime="2022-04-05T09:04:59Z">Tue, 04/05/2022 - 11:04</time> </div> </div> Tue, 05 Apr 2022 09:10:07 +0000 anschaef 181836 at https://home.cern CERN joins a first-of-its-kind global celebration of World Quantum Day https://home.cern/news/announcement/computing/cern-joins-first-its-kind-global-celebration-world-quantum-day <span>CERN joins a first-of-its-kind global celebration of World Quantum Day</span> <div class="field field--name-field-p-news-display-body field--type-text-long field--label-hidden field--item"><p>14 April 2022 marks the first anniversary of <a href="https://worldquantumday.org/">World Quantum Day</a> – an international initiative launched by scientists from more than 65 countries to promote public understanding of quantum science and technology worldwide.</p> <p>To mark the first anniversary of this global celebration, CERN is organising a scientific symposium comprising a series of talks highlighting different areas of the quantum research field. From the history of quantum information to examples of concrete quantum-related projects already under way at CERN, the discussions will explore the past, present and future of quantum science and technology within the high-energy physics (HEP) community and beyond.</p> <p>Among the keynote speakers are John Ellis and Nicolas Gisin. In their joint opening talk, they will outline the early days of quantum science at CERN and what that pioneering effort means for modern research. Their talk will be followed by three presentations on experimental quantum physics, quantum computing applications and the CERN Quantum Technology Initiative (QTI).</p> <p>The event will take place in the CERN Council Chamber on 14 April from 4.30 to 6.00 p.m. CEST and will also be webcast live: <a href="https://webcast.web.cern.ch/event/i1145733">https://webcast.web.cern.ch/event/i1145733</a>. Some previous knowledge of quantum physics is required to follow the talks, except for the final presentation on CERN QTI, which will aim to provide a broad overview of quantum-related research and educational activities at CERN.</p> <p>At the end of the session, there will be a Q&amp;A session for attendees wanting to find out more about quantum technologies and the way they could benefit our society.</p> <p>Full information – including a list of speakers and how you can register – is available on the event page: <a href="https://indico.cern.ch/event/1145733/ ">https://indico.cern.ch/event/1145733/</a>.</p> <p>To find out more about the initiative and possible ways to get involved, visit: <a href="https://worldquantumday.org/how-to-engage/">https://worldquantumday.org/how-to-engage/</a></p> </div> <span><span lang="" about="/user/151" typeof="schema:Person" property="schema:name" datatype="">anschaef</span></span> <span>Tue, 04/05/2022 - 10:33</span> <div class="field field--name-field-p-news-display-pub-date field--type-datetime field--label-above"> <div class="field--label"><b>Publication Date</b></div> <div class="field--item"><time datetime="2022-04-05T08:28:57Z">Tue, 04/05/2022 - 10:28</time> </div> </div> Tue, 05 Apr 2022 08:33:47 +0000 anschaef 181835 at https://home.cern Research and industry unite at 2022 CERN openlab Technical Workshop https://home.cern/news/news/computing/research-and-industry-unite-2022-cern-openlab-technical-workshop <span>Research and industry unite at 2022 CERN openlab Technical Workshop</span> <div class="field field--name-field-p-news-display-body field--type-text-long field--label-hidden field--item"><p>Over 200 people attended the 2022 CERN openlab Technical Workshop. The event was run online over three days, from 21 to 23 March. It saw leading computing experts from research and industry come together to discuss the work carried out through 32 joint R&amp;D projects spread across CERN.</p> <p><a href="https://openlab.cern/">CERN openlab</a> is a unique public–private partnership, through which CERN collaborates with leading technology companies. For 20 years, this partnership has been working to accelerate innovation in the computing technologies required by the LHC research community. Today, there are over 20 companies and research organisations working together in CERN openlab. Industry members include Intel, Oracle, Siemens, Micron and Google.</p> <p>At the 2022 CERN openlab Technical Workshop, project teams shared their progress and discussed upcoming IT challenges related to the LHC’s ambitious upgrade programme. “Through CERN openlab, we are working with industry leaders to tackle tomorrow’s IT challenges today,” says Enrica Porcari, head of the CERN IT Department. “These challenges are relevant to a growing range of scientific fields, as well as wider society. Through collaboration with CERN’s Knowledge Transfer group and dedicated R&amp;D projects focused on sharing knowledge and tools with other communities, CERN openlab plays an important role in contributing to CERN’s positive impact on society.”</p> <p><strong>Exascale, AI, quantum computing and more</strong></p> <p>A particular highlight from the first day of the workshop, dedicated to exascale computing technologies, was the opening technical presentation, which focused on <a href="https://home.cern/news/news/computing/allen-initiative-supported-cern-openlab-key-lhcb-trigger-upgrade">the Allen project</a>. This project has developed a new, more efficient system that sees the first level of the LHCb experiment’s data-filtering ‘trigger’ system move to running on graphical processing units (GPUs), rather than general-purpose central processing units (CPUs).</p> <p>The second day of the workshop focused on two separate topics, AI and collaborations with research beyond particle physics, with presentations on both the potential of advanced AI for data analysis at CERN and CERN openlab’s impact on various fields such as quantum encryption, climate modelling and satellite imagery to support humanitarian interventions. The third day focused on quantum technologies, including presentations on <a href="https://quantum.cern/">the CERN Quantum Technology Initiative</a> (QTI), an exciting new venture that <a href="https://home.cern/news/press-release/knowledge-sharing/cern-quantum-technology-initiative-unveils-strategic-roadmap">published its first strategic roadmap in October 2021</a>.</p> <p><strong>Working together to tackle tomorrow’s IT challenges today</strong></p> <p>During 2022, the CERN openlab team will carry out work to strengthen existing collaborations with industry, finalising plans for a range of exciting R&amp;D projects, as well as establishing new collaborations to address emerging IT challenges.</p> <p>“CERN openlab has built deep connections between members of CERN’s research community and the R&amp;D teams at the leading technology companies participating in this partnership. It is testament to the strength of these connections that we have been able to both grow our collaborations and make important technical progress on projects over the last two years when in-person interaction has been severely limited,” says Maria Girone, CERN openlab’s Chief Technology Officer. “We are now looking forward to resuming face-to-face meetings with our collaborators and to welcoming the 2022 cohort of CERN openlab summer students to the CERN site in July.”</p> </div> <span><span lang="" about="/user/21331" typeof="schema:Person" property="schema:name" datatype="">thortala</span></span> <span>Thu, 03/31/2022 - 12:06</span> <div class="field field--name-field-p-news-display-byline field--type-entity-reference field--label-above"> <div class="field--label"><b>Byline</b></div> <div class="field--items"> <div class="field--item"><a href="/authors/andrew-purcell" hreflang="en">Andrew Purcell</a></div> </div> </div> <div class="field field--name-field-p-news-display-pub-date field--type-datetime field--label-above"> <div class="field--label"><b>Publication Date</b></div> <div class="field--item"><time datetime="2022-03-31T10:01:44Z">Thu, 03/31/2022 - 12:01</time> </div> </div> Thu, 31 Mar 2022 10:06:07 +0000 thortala 181715 at https://home.cern Computer Security: PhishMS https://home.cern/news/news/computing/computer-security-phishms <span>Computer Security: PhishMS</span> <div class="field field--name-field-p-news-display-body field--type-text-long field--label-hidden field--item"><p>Clicking on the wrong malicious link or attachment, or disclosing your password in reply to a malicious email or on a fake and nasty CERN single sign-on page, are two major attack vectors for the evil side to infiltrate CERN. That’s why the Computer Security team <a href="https://cds.cern.ch/journal/CERNBulletin/2016/09/News%20Articles/2133799?ln=en">is testing</a> you <a href="https://home.cern/news/news/computing/computer-security-one-click-and-boom-reloaded">again</a> and <a href="https://home.cern/news/news/computing/computer-security-free-click-your-awareness">again</a> with its clicking campaigns (see <a href="https://home.cern/news/news/computing/computer-security-click-me-not">here</a>, <a href="https://home.cern/news/news/computing/computer-security-cern-has-been-phished-again">here</a> and <a href="https://home.cern/news/news/computing/computer-security-truth-lies-url">here</a>). While those were focusing on malicious messages received by email, we should not ignore other vectors, like SMSs.</p> <p>SMSs, iMessages and (with greater difficulty) chat messages via apps like WhatsApp, Signal or Threema can also be used to distribute unsolicited messages containing malicious content that try to lure you into clicking on an embedded link that misdirects you to a fake login page or downloading infected software directly to your device:</p> <figure class="cds-image" id="CERN-HOMEWEB-PHO-2022-043-1"><a href="//cds.cern.ch/images/CERN-HOMEWEB-PHO-2022-043-1" title="View on CDS"><img alt="home.cern,Computers and Control Rooms" src="//cds.cern.ch/images/CERN-HOMEWEB-PHO-2022-043-1/file?size=large" /></a> <figcaption> </figcaption></figure> <p>Clicking on that t.ly link could lead you anywhere, and it’s hard to figure out whether the destination is harmless or dangerous to your device and password – just like with today’s very popular QR codes (“<a href="https://home.cern/news/news/computing/computer-security-check-me-comes-scan-me">'Check me' comes before 'Scan me'</a>”). SMSs are a particularly interesting attack vector, as the relevant phone numbers can be enumerated, so attackers target a telephone range, like that of CERN’s +41 75 411 nnnn. Protective counter measures are rarely effective, in particular if the emitting sender’s phone number varies or is spoofed. So, while in messenger apps the attacker or idiot distributing malicious links must be part of your peers, group or friends, SMSs can arrive totally unsolicited.</p> <p>In either case, beware! As we have tried to instil in you with our clicking campaigns, be vigilant and suspicious when receiving unsolicited messages via SMS, iMessage, WhatsApp and the like. Check the package: Does the message come from someone you know? Do its contents relate to who you are, what you do, what you expect? Or does it come as a surprise? If it’s the latter, tame your curiosity. Refrain from clicking. Save your device and account from evil, and yourself from wasting time. Don’t give PhishMSs a chance.</p> <p>______</p> <p><em>Do you want to learn more about computer security incidents and issues at CERN? Follow our <a href="https://cern.ch/security/reports/en/monthly_reports.shtml">Monthly Report</a>. For further information, questions or help, check <a href="https://cern.ch/Computer.Security">our website</a> or contact us at Computer.Security@cern.ch.</em></p> </div> <span><span lang="" about="/user/151" typeof="schema:Person" property="schema:name" datatype="">anschaef</span></span> <span>Tue, 03/22/2022 - 12:39</span> <div class="field field--name-field-p-news-display-byline field--type-entity-reference field--label-above"> <div class="field--label"><b>Byline</b></div> <div class="field--items"> <div class="field--item"><a href="/authors/computer-security-team" hreflang="en">Computer Security team</a></div> </div> </div> <div class="field field--name-field-p-news-display-pub-date field--type-datetime field--label-above"> <div class="field--label"><b>Publication Date</b></div> <div class="field--item"><time datetime="2022-03-16T11:09:04Z">Wed, 03/16/2022 - 12:09</time> </div> </div> Tue, 22 Mar 2022 11:39:53 +0000 anschaef 181358 at https://home.cern Computer Security: Vigilance and calmness https://home.cern/news/news/computing/computer-security-vigilance-and-calmness <span>Computer Security: Vigilance and calmness </span> <div class="field field--name-field-p-news-display-body field--type-text-long field--label-hidden field--item"><p>Like during <a href="https://home.cern/news/news/computing/computer-security-tele-protect">the rise of the coronavirus</a> two years ago, malicious actors are taking advantage of the current global political situation to pursue their criminal deeds. Phishing. Distributing malware. Abusing computing resources. Exploiting this situation of fear, uncertainty and doubt (FUD) to spread misinformation, or creating incentives to make you click on the wrong message, email or QR code. Contrary to during COVID, however, these actors are also calling for help. Asking people to run offensive tools to help them further their deeds and interests. On behalf of CERN, therefore, we ask you to stay exceptionally vigilant and calm.</p> <p><strong>Be exceptionally vigilant</strong> when you receive emails coming from unknown senders or containing unsolicited content. Be careful <a href="https://home.cern/news/news/computing/computer-security-truth-lies-url">when opening attachments or links</a>. The same holds true for WhatsApp/Telegram/Signal messages and links therein. And for <a href="https://home.cern/news/news/computing/computer-security-check-me-comes-scan-me">QR codes</a>. Tame your curiosity and use “STOP – THINK – DON’T CLICK” as the best mantra <a href="https://home.cern/news/news/computing/computer-security-about-risks-and-threats">to avoid endangering</a> your computer, your digital life and the functioning of CERN. Pause when a message arrives from someone you’ve never encountered before, and remember that email senders <a href="http://home.cern/news/news/computing/computer-security-email-senders-pretence-vs-reality">can easily be spoofed</a>. Consider also the content. Does it make sense to you? Does it speak your language? Does it play on your curiosity? Or fear? Or guilt? Does it try to force you to open the attachment or the link? Just STOP – THINK – DON’T CLICK and cross-check with us at Computer.Security@cern.ch.</p> <p><strong>Stay calm</strong> and do not engage with the pleas of some (other) actors. Do not follow calls to run offensive software, like those used to run distributed denial of service (DDoS) attacks against thirty-party websites. Operating such tools on CERN equipment or the CERN network is in violation of CERN’s Computing Rules (<a href="https://cern.ch/ComputingRules">OC5</a>) and any deliberate and conscious operation of those tools will be followed up. Similarly, running such tools at home might be illegal and/or make your ISP believe your computers are infected and block/throttle them.</p> <p>While we in the Computer Security team are actively monitoring for any attack against our mailboxes and computing facilities, for any abuse of our computing resources, we ask you once more: be exceptionally vigilant and stay calm. Help us to keep the Organization secure.</p> <p>______</p> <p><em>Do you want to learn more about computer security incidents and issues at CERN? Follow <a href="https://cern.ch/security/reports/en/monthly_reports.shtml">our Monthly Report</a>. For further information, questions or help, check <a href="https://cern.ch/Computer.Security">our website</a> or contact us at Computer.Security@cern.ch.</em></p> </div> <span><span lang="" about="/user/151" typeof="schema:Person" property="schema:name" datatype="">anschaef</span></span> <span>Wed, 03/09/2022 - 11:18</span> <div class="field field--name-field-p-news-display-byline field--type-entity-reference field--label-above"> <div class="field--label"><b>Byline</b></div> <div class="field--items"> <div class="field--item"><a href="/authors/computer-security-team" hreflang="en">Computer Security team</a></div> </div> </div> <div class="field field--name-field-p-news-display-pub-date field--type-datetime field--label-above"> <div class="field--label"><b>Publication Date</b></div> <div class="field--item"><time datetime="2022-02-24T05:11:53Z">Thu, 02/24/2022 - 06:11</time> </div> </div> Wed, 09 Mar 2022 10:18:37 +0000 anschaef 181135 at https://home.cern Computer Security: Time for a spring clean https://home.cern/news/news/computing/computer-security-time-spring-clean <span>Computer Security: Time for a spring clean</span> <div class="field field--name-field-p-news-display-body field--type-text-long field--label-hidden field--item"><p>Spring is coming up fast and, in a deeply rooted tradition for house husbands and housewives, the time has come for a spring clean. Thoroughly cleaning the rooms, repainting some walls, fixing broken tiles, pimping up and beautifying your property, getting rid of unused clothes (or those which changed size and do not fit anymore), throwing out things that are just accumulating dust. And, while you’re at it, why not also take a look at your digital belongings, in particular those hosted by CERN?</p> <p>Digital resources deserve some housekeeping too. A clean-up. Some fixing. Or to be thrown away, purged and deleted. For good. Experience has shown that creating/spawning digital resources is easy and usually comes with a need. The incentive to create is a given. But once a device, virtual machine, container, website, program or application is deployed and up and running, the incentive to maintain it diminishes. If the resource does its job, why bother? In many cases, the resources are sitting around idle, still consuming power and CPU cycles, blocking disk space, eating network bandwidth and posing a growing computer security risk. The most recent vulnerability (“<a href="https://home.cern/news/news/computing/computer-security-unwanted-presents">log4shell</a>”) has once more demonstrated the problem: when we asked people to fix that vulnerability in certain “Openshift containers”, and there were dozens, about 50% of the owners replied by saying “I don’t need that anymore and deleted it”. 50%. 50% of resources idle …</p> <p>Thus, spring has arrived and we would like to encourage you to use your freshly gained energy to review your digital resources. Help us to save energy, licence costs, disk space and CPU cycles, and help us to reduce CERN’s exposure to cyberthreats and its consequential attack surface. Please go through the following list and ensure that your resources are up to date and fully patched (see our Bulletin article on “<a href="https://home.cern/news/news/computing/computer-security-beauty-under-hood">Beauty under the hood</a>”), or just purge resources that are no longer needed:</p> <ul> <li><strong>For your accounts</strong>, in particular secondary and service accounts, go to <a href="https://account.cern.ch/account/Management/MyAccounts.aspx">https://account.cern.ch/account/ Management/MyAccounts.aspx</a>. You can delete individual accounts by selecting the account and then clicking on “Delete Account” on the right-hand side. In case of service accounts, please check with potential co-users first.</li> <li><strong>For your devices</strong> (PCs, laptops, smartphones, etc.), go to <a href="https://network.cern.ch/sc/fcgi/sc.fcgi?Action=SelectForDisplay">https://network.cern.ch/sc/fcgi/sc. fcgi?Action=SelectForDisplay</a> (CERN network only) and search for your surname. You can delete individual devices by selecting the device and then clicking on “[Remove This Device]” at the bottom of the page.</li> <li><strong>For your websites</strong> (including Sharepoint, Drupal and Openshift projects), go to <a href="https://webservices-portal.web.cern.ch/my-sites">https://webservices-portal.web.cern.ch/my-sites</a>. You can delete individual websites by selecting the website and then clicking “Delete [SITE NAME]” in the left-hand sidebar, but, please, check with potential co-moderators first!</li> <li><strong>For your databases</strong>, go to either <a href="https://resources.web.cern.ch/resources/Manage/DbOnDemand/Resources.aspx">https://resources.web.cern.ch/ resources/Manage/DbOnDemand/ Resources.aspx</a> for Databases on Demand (DBoD) or <a href="https://resources.web.cern.ch/resources/Manage/Oracle/Resources.aspx">https://resources.web.cern.ch/ resources/Manage/Oracle/ Resources.aspx</a> for Oracle databases. You can delete individual DBoD instances by clicking “[delete]” to the right of the database or by selecting the Oracle database and then clicking “Delete Account” on the right-hand side.</li> <li><strong>For your e-groups</strong>, go to <a href="https://e-groups.cern.ch/e-groups/EgroupsSelectShowEgroupsOfMember.do#">https://e-groups.cern.ch/e-groups/EgroupsSelectShowEgroups OfMember.do#</a>. You can delete individual e-groups by selecting the e-group and then clicking the “Delete” button at the bottom of the page, but, please, check with potential co-admins first!</li> <li><strong>For your virtual machines</strong> (VMs), go to <a href="https://openstack.cern.ch/project/">https://openstack.cern.ch/project/</a> and purge them from all projects and tenants. Puppet-managed VMs should be deleted via the “ai-kill” command.</li> <li><strong>For outer perimeter firewall openings</strong>, follow the instructions for either your devices or virtual machines. For devices, select the device, then click on “[Update this Information]” at the bottom of the page, and then finally move to the “Central Firewall Configuration” section of the new page and tick the “Remove” box and hit the “Send Request: UPDATE INFORMATION&gt;&gt;&gt;” button at the bottom at the page. For virtual machines, consult your Puppet configuration (<a href="https://configdocs.web.cern.ch/firewall/cern.html">https://configdocs.web.cern.ch/ firewall/cern.html</a>). Finally, if your device or virtual machine is part of a firewall set (<a href="https://security.web.cern.ch/services/en/firewall.shtml">https://security.web.cern.ch/services /en/firewall.shtml</a>), just remove it from that set via the set management web page at <a href="https://landb.cern.ch/landb/portal/sets/displaySets">https://landb.cern.ch/landb/portal /sets/displaySets</a>; or remove it from the corresponding Hiera “cernfw_landbset” (<a href="https://configdocs.web.cern.ch/firewall/cern.html">https://configdocs.web.cern.ch/ firewall/cern.html</a>).</li> <li>For your subscriptions, go to <a href="https://resources.web.cern.ch/resources/Manage/ListServices.aspx">https://resources.web.cern.ch/ resources/Manage/ListServices.aspx</a>. You can reconfigure or unsubscribe from individual services by selecting the service and following the instructions on the following page.</li> </ul> <p>If you have worked through the list until here, well done and thanks a lot! This is deeply appreciated for the sake of reducing CERN’s environmental impact and computer security attack surface. Thank you for your spring-cleaning efforts!</p> <p>_____</p> <p><em>Do you want to learn more about computer security incidents and issues at CERN? Follow our <a href="https://cern.ch/security/reports/en/monthly_reports.shtml">Monthly Report</a>. For further information, questions or help, check <a href="https://cern.ch/Computer.Security">our website</a> or contact us at Computer.Security@cern.ch.</em></p> </div> <span><span lang="" about="/user/151" typeof="schema:Person" property="schema:name" datatype="">anschaef</span></span> <span>Tue, 02/22/2022 - 11:51</span> <div class="field field--name-field-p-news-display-byline field--type-entity-reference field--label-above"> <div class="field--label"><b>Byline</b></div> <div class="field--items"> <div class="field--item"><a href="/authors/computer-security-team" hreflang="en">Computer Security team</a></div> </div> </div> <div class="field field--name-field-p-news-display-pub-date field--type-datetime field--label-above"> <div class="field--label"><b>Publication Date</b></div> <div class="field--item"><time datetime="2022-02-10T10:41:30Z">Thu, 02/10/2022 - 11:41</time> </div> </div> Tue, 22 Feb 2022 10:51:03 +0000 anschaef 174588 at https://home.cern