Voir en

français

Computer Security: Dear summer students, welcome!

In order to make your digital life as comfortable as possible, there are a few things you need to know

|

A warm welcome to the summer-student class of 2022! We’re glad that you made it in these troubled times! We offer a packed agenda for the next two months: challenging lectures; interesting projects to tackle with your team; and lots of time to take a great big gulp of CERN’s academic freedom, spirit and creativity! In order to make your digital life as comfortable as possible, however, there are a few things you need to know.

When you join CERN, you’re given a CERN computing account. Take care of your account password as any evil-doer might misuse it to spam the world on your behalf, abuse CERN’s computing clusters in your name, download journals in bulk from CERN’s digital library, or simply compromise your CERN PC and extract your photos, documents or personal data, or spy on you using your computer’s microphone or webcam. Worst-case scenario, the whole Organization is at risk! Similarly, take good care of your CERN and personal computers, tablets and smartphones. Give them some freedom to update themselves so you benefit from the latest protective measures. “Auto-update” is a good friend, just make sure that it’s enabled – as it should be by default.

A particularly nasty way to lose your password, at CERN or at home, is to reply to so-called “phishing emails”, i.e. emails asking for your password. No serious person – the CERN Computer Security team, the CERN Service Desk or your CERN supervisor – would send such an email, only dishonest people or fraudsters would. So stay on the lookout and don’t enter your password in weird webpages. Don’t click on links in emails obviously not intended for you, for example, emails not addressed to you, not coming from the real CERN, not written in one of your native languages, or of no relevance to you. Ask us at Computer.Security@cern.ch if you have any doubts. Similarly, don’t randomly click on web links, but stop and think first. Otherwise, you might infect your computer in no time – and the sole remedy will be a full reinstallation of your device (easier if you have backups!).

CERN has awesome network connectivity to the world. But it’s for professional purposes. While private usage is tolerated, please do not abuse this. Keep your bandwidth low. In particular, refrain from bulk downloading movies or software. Remember “copyright”? It also applies at CERN. Any violation of copyright reported to CERN will be followed up and any infringement costs will be passed on to the perpetrator. The same holds true for pirated software. If you have stored pirated licence keys on your device, it’s time to delete them. Companies are monitoring for abuse of their software and infringement costs can quickly reach five to six figures. This one is of particular importance: if you need particular software, have a look at CERN’s central software repositories.

While you’re at CERN, you might be working on a project requiring digital resources – setting up a webpage, writing some code, developing hardware. Please don’t reinvent the wheel if you need a database. Or a webserver. Or some software. The CERN IT department can provide a wide variety of centrally managed and secure services for your digital convenience. Just put yourself on their shoulders and build on top. Free up your time and brain for creativity and let CERN IT provide the tools. Moreover, make sure that all your development work, software, design drawings, documentation and so on are made available to your supervisor when you leave. This will ensure your legacy lives on at CERN. If you keep them to yourself, they’ll get purged and deleted, and your time at CERN will be forgotten.

Finally, like anywhere else, there are some rules to respect. Use of CERN’s computing facilities is governed by the CERN Computing Rules. Basically, be reasonable. Don’t do anything that could be considered immoral, illegal or abusive. Similarly, personal use of CERN’s computing facilities is tolerated, but within the aforementioned limits. For example, browsing pornography is forbidden unless you have a good professional reason to do so (and it might be awkward receiving a corresponding cease-and-desist email from us). In another example, crypto-mining on CERN’s computing clusters is definitely a no-no. Just don’t.

So, make sure that you respect these few ground rules – keep your system up to date – protect your password – STOP-THINK-DON’T CLICK – respect copyright – preserve your work – follow the CERN Computing Rules. We wish you a great and exciting stay at CERN. Have fun and enjoy!

_______

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.

This article is a republication of a text originally published in June 2021.