Computer security: Computing power for professionals… only!

CERN’s OpenStack service provides you with enormous computing and storage resources to achieve your professional goals: if you need CPU power for your analyses, alternative operating systems to test your software, or if you want to run a reliable, high-performance and scalable service… OpenStack is the best choice. In fact, today all LHC experiments, the accelerators sector and the IT department rely heavily on OpenStack to run their analysis clusters and computing services. OpenStack: computing power for professionals… only!

It is the “only” which is important! CERN’s Computing Rules tolerate the personal use of CERN’s computing facilities as long as that activity is legal, non-political and non-commercial, and its resource consumption of computing power, networking bandwidth, storage capacity, etc. is minimal. And this is the crux. Deploying a hundred-odd virtual machines without a professional mandate from your experiment or your department is definitely not covered by “tolerated”. Unfortunately, this was spotted recently when one user ran a large cluster of VMs for a personal code-improvement project. In the past, we have seen similar abuses where people tried to mine crypto-currencies (“Bitcoins”, “Litecoins”, “Ethereum”) on OpenStack, using BOINC or the Worldwide LHC Computing Grid (WLCG). All immediately attracted the attention of the service managers and led to disciplinary action. Indeed, it is hard to argue that mining crypto-currencies is a professional task. And since it involves money generated at CERN’s (or the WLCG’s) expense, this might trigger legal action by the latter. Even more worrying is that, at least once, the OpenStack service was subject to a targeted attack: an attacker misused the identity of one of our colleagues in order to request 5000 VMs in the OpenStack cluster for some abusive deeds. But such a large request already triggered some tripwires…

So, be reasonable. All these activities violate the CERN Computing Rules (and the WLCG’s security policies) as they stop CERN’s scarce resources from being used more efficiently, consume power at CERN’s expense, and benefit from a service intended for professional use only. Tolerating a bit of personal usage is to the benefit of us all. Exaggerating is not. Deploying dozens of personal VMs is overdoing it. Massive downloading of music and videos (apart from the implications on copyright), the storage of zillions of private photos (whose privacy protection is not necessarily guaranteed by the CERN Computing Rules), constant browsing of the web (diminishing your productivity), the creation of websites with commercial or political content are also a bit much.


Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, visit our website or contact us at Computer.Security@cern.ch.