Computer Security: Our findings, your problem

Computer security blog
(Image: CERN)

At CERN, you are the one primarily responsible for the computer security of all accounts, devices, websites, computing services and control systems you own and manage. CERN’s Operational Circular No. 5 (OC5, aka the CERN Computing Rules) requires you to keep those computing resources secured and protected. An important, but also huge, task! So, let us help you.

Just for you, the IT department provides a wide variety of computing services: web content management suites like Drupal; databases on demand; communication platforms like Indico and Mattermost; storage systems (AFS, Ceph, EOS); standardised virtual images; and software development frameworks (Puppet, Jenkins, Jira, Git). Ideally, on the one hand, you take advantage of their service catalogue and delegate all security tasks to them. That also gives you more time to concentrate on your core tasks at CERN. On the other hand, if you need help to choose or need advice on a new computing/software project you are starting, the IT department even provides an IT Consulting Service dedicated to guiding you. For specific security-related questions, the Computer Security team is at your service and also provides training on keeping your resources safe and secure. Just reach out to Computer.Security@cern.ch.

Still, some resources are yours and will remain yours. While CERN’s OC5 expects you to keep those resources up-to-date and well maintained, sometimes they turn out to be or become outdated, insecure, vulnerable or – worse – abused. The Computer Security team is therefore trying to proactively help you by running a plethora of automatic and manual scanning tools to identify such sub-optimally configured resources. If a security problem is detected, you, as registered owner or main user of a resource, will receive an email alert if:

  • you log in from a “new” location (see our article in the last Bulletin on “Your remote logins”);
  • your password is leaked in an external data breach together with one of your email addresses;
  • there is suspicious network traffic to or from one of your devices, or one of your devices accesses malicious websites;
  • an operating system or software version used by your system is outdated: once such software is no longer maintained, it will render your system insecure before long;
  • you use sub-optimal security configurations like SSL or TLSv1.1, or HTTP for login pages;
  • CERN-internal or personal information has been (accidentally) exposed by your file storage or website;
  • vulnerabilities like XSS or SQL injection are found on your resources.

Depending on the alert, an email notification usually looks like this:

(Image: example of an email notification)

The embedded link leads to a webpage providing you with all the necessary help to get your particular problem fixed.

If you receive such a notification, please act swiftly. You can list all your issues on this dedicated website. Please figure out the origin of your issue and take corrective measures. Contact the Computer Security team through this website if you have questions or need advice or help to understand the risk to your system. There might also be alternative protection means available to you. Failure to reply might force us to consider, as a precautionary measure, blocking your device from the network, blocking access to your account, or preventing your webpage from being visible from the internet. So, please, help us proactively keep the Organization cybersecure!

_____

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.