Abstract
Computer security incidents are increasing across the Internet as a whole. Intruders target academic sites, such as CERN, to profit from their powerful systems and good Internet connectivity. This article outlines some key risks and how you can help to reduce them.
Your responsibility
Almost every week new threats and incidents are followed up by CERN's
computer and security specialists. Every CERN computer user and
system administrator has a responsibility for CERN's computer
security, as defined in Operational Circular No 5, available at
http://www.cern.ch/ComputingRules
.
Protect your passwords
The most common form of computer break-in at CERN is via accounts
with passwords that become known to intruders. This may be because
the password has been guessed or has been discovered by an
intruder. You must choose passwords which are difficult to guess
and keep them private. When you are travelling and need to access
the CERN network from a remote site, you should check with your
contacts there for the most secure way to connect to CERN. It is
not uncommon for intruders to run software which can collect
passwords, either when typed on a system or when passing in clear
text (unencrypted) on a network. You should therefore take care to
use a securely managed computer and where possible use software
which encrypts your password.
Prevent viruses and SPAM
Viruses and unsolicited e-mail, known as SPAM, remain a constant
annoyance for us all. There has been a significant increase in both
of these across the Internet as a whole. Viruses are often spread
by innocent users opening unexpected attachments. Do
not open attachments which you are not expecting or that
you find suspicious. E-mails warning of viruses are almost always a
hoax and can be deleted, along with other unwanted SPAM mails.
E-mail which requests you to forward it to many people is also
usually a hoax, as are e-mails requesting money or support for a cause. Delete
such e-mails without answering or forwarding them. A database of known
viruses and hoaxes can be checked from the CERN security web pages,
http://cern.ch/security
. Anti-virus software, plays an
important role in reducing the impact of viruses and should be run
on all CERN PCs. If you suspect your system has a problem related
to a virus then contact Helpdesk@cern.ch
.
The CERN mail service plays a key role in reducing unwanted viruses
and SPAM entering CERN. Restrictions on attachment types which
regularly contain viruses have been introduced for CERN mailing
lists and these restrictions will soon be extended to the CERN mail
servers. Unfortunately complete prevention of unwanted e-mail will
remain impossible.
Disable non-essential applications
Another common computer break-in is the exploitation of security
holes in operating systems and networked applications, with web and
ftp servers being prime targets. If you administer your own
computer then make sure you are aware of the applications you
require and disable all others. You may have applications running
which you do not need. All applications have a risk of containing
security holes which if exploited can impact more than your own
system since an intruder can then use it to attack others. If you
do not need to run web, ftp or other applications on
your system then
you will reduce the security risk for all of us by disabling
them.
Regularly install security patches
Insecure systems on the CERN network increase the risk for the
whole site. System administrators need to keep their systems
regularly updated with security patches, both for the operating
systems and every application service accessible on the network.
System administrators running CERN-certified operating systems can
profit from IT Division's services which apply tested patches
automatically or provide them for manual installation. To help keep
common applications secure, we have recently started network
security scanning. This is initially targeted to help web server
security but will be extended to ftp and other
applications. Further information on network security scanning at
CERN is available at
http://cern.ch/security/scans
.
Summary
Increasing computer security problems are a sign of the times and
we must all adapt to reduce them. Protecting passwords, not opening
suspicious or unintended e-mail attachments, preventing unnecessary
access to computers and applications, and regularly installing
security patches are a good start in the right direction.
About the author(s):
Denise Heagerty is the CERN Computer Security Officer.