Published by Hester Boone. Modified over 8 years ago.
1
Dr. Stefan Lüders, CERN Computer Security Officer
Sign into CERN: CERN IT Services for You!
2
Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20 February 2007 ― Stefan.Lueders@cern.ch ― “Sign into CERN: CERN IT Services for You!”

Academic Freedom

You are now +1 user at CERN:
► …from 100s of universities worldwide
► Pupils, students, post-docs, professors, technicians, engineers, physicists, …
► High turn-over (~12k per year)

Academic Freedom in Research:
► Open campus attitude (consider CERN as an ISP): No boundaries if possible: free communication & freedom to publish
► Cacophony of O/S, programming languages, applications
► Merger of professional & private life incl. mobile revolution
► The trial of the new & all-time prototypes
3
Academic Freedom

You are now +1 user at CERN:
► …from 100s of universities worldwide
► Pupils, students, post-docs, professors, technicians, engineers, physicists, …
► High turn-over (~10k per year)

Academic Freedom in Research:
► Open campus attitude (consider CERN as an ISP): No boundaries if possible: free communication & freedom to publish
► Cacophony of O/S, programming languages, applications
► Merger of professional & private life incl. mobile revolution
► The trial of the new & all-time prototypes

“Academic Freedom” means “Responsibility”: Computer Security at CERN is delegated to YOU as user, developer, administrator, expert, …!
5
Academic Freedom vs. Security

CERN is under permanent attack… even now:
► …attackers trying to brute-force passwords;
► …attackers trying to break Web applications;
► …attackers trying to break into servers and obtain administrator rights;
► …attackers trying to harvest credentials.

Security Events happen
► Web sites & web servers, databases, computing nodes, mail accounts, …
► The office network is very liberal: free connection policy and lots of visitors. Thus, there are always devices being infected/compromised.

Security is as good as the weakest link:
► Attacker chooses the time, place, method
► Defender needs to protect against all possible attacks (currently known, and those yet to be discovered)

YOU are responsible for securing your accounts/computers/data/… and for preventing events from happening.
7
Go central!!!

Take advantage of central CERN IT services:
► Let them take care of security
► Don’t worry about maintenance
► Focus on your core work

CERN IT offers many services:
► Computing infrastructures for office computing, experiments and accelerators
► Administrative computing
► Physics data processing
► Cluster/Grid computing

Note: Personal usage of CERN computing facilities is tolerated.

Pass the responsibility to the IT Department. Use central services!! Open your mind: Learn to work “securely”
8
Enter CERN: Your Account

CERN has ~44k active accounts… +1:
► You now have a “primary account”
► Just go to http://cern.ch/account
► This grants you access to CERN facilities (Check “Applications and Resources” for details)
► For dedicated purposes, you can obtain a secondary account (“me_admin”) or a service account (“my_cool_service”)

Once you leave again, make sure that
► All your important emails are backed up
► All your important documents/data/programs are transferred
► Service accounts are transferred, too
► We will delete everything after 6 months
9
Enter CERN: Your Account

CERN has ~44k active accounts… +1:
► You now have a “primary account”
► Just go to http://cern.ch/account
► This grants you access to CERN facilities (Check “Applications and Resources” for details)
► For dedicated purposes, you can obtain a secondary account (“you_admin”) or a service account (“cool_service”)

Once you leave again, make sure that
► All your important emails are backed up
► All your important documents/data/programs are transferred
► Service accounts are transferred, too
► We will delete everything after 6 months

Your password is your toothbrush! Do NOT share it, and change it regularly. Nobody legitimate will ever ask you for it. Make it complex: a**2+sqr(b)==c^2
11
First Contact: Your Mail Address

CERN receives ~2M emails/day. 90% are Spam.

CERN Mail:
► Do not run your own SMTP server
► Your client is your choice: Outlook, Thunderbird, Pine…
► …or forward to an external mailbox
► Check on http://cern.ch/mail

Personal usage is tolerated:
► …but this activity must not be illegal, political, commercial, inappropriate, offensive, or detrimental to official duties

Beware of Phishing emails!!!! Nobody legitimate will ever ask for your password. Never!!
13
Connect!

Several Class-B IP networks
► 10 Gbps commercial Internet connectivity
► 140 Gbps WAN connectivity (Tier0 Tier1)
► 4.8 Tbps switching capacity at backbone
► ~5k subnets, >2k switches, >150 routers

One flat office/wireless/visitor network
► ~100k registered devices
► Register on http://network.cern.ch

…several more for…
► Accelerator & infrastructure
► Experiments
► the Worldwide Computing Grid

Protective outer perimeter firewall
► Contact Computer Security for openings

Do not make any unauthorized changes to the network infrastructure. Do not run tools stressing the network.
15
Central Win/Linux/Mac Support

Windows PCs (~10k active):
► Use CMF (http://cern.ch/cmf) or click “All Programs” → “Windows Update”
► Run up-to-date anti-virus software
► This also applies to control PCs and oscilloscopes

Linux PCs (>13k active):
► Use Yum (/usr/bin/yum)

Macs (>2k active):
► Click “Software Update…”
► Consider running up-to-date anti-virus software
► The Win/Mac antivirus software is also free for home usage!!!!
► There is also community support for Android and iOS: Check also on http://cern.ch/[win|linux|mac|android|ios]

You are obliged to run anti-virus software and update/patch your systems regularly… …or you risk being disconnected.
17
Stop-Think-Click

Take care when surfing the web.
► Not everything is what it seems to be
► Do not click on random links
► Do not install software you do not really need or do not know

Don’t consult pornographic or other illicit material (e.g. inciting to violence, racism, discrimination). Respect copyrights! Do not download or share music or videos.
19
Publish or Perish

CERN hosts ~11k web sites with ~100k web pages on ~500 different web servers

Set up your own site:
► “Official”, “Personal” or “Test” sites
► Program in Python/Perl/PHP/…
► Use Twiki, Sharepoint, Drupal, J2EE

You are responsible!!!
► Avoid common mistakes: Sanitize & validate input values
► Know what you publish! Avoid leaking sensitive documents…

This is the place to screw up. If you don’t know what you’re doing, don’t do it. Ask an expert, read a book, get some training (http://cta.cern.ch), or forget it.
21
Space — plenty of space

CERN hosts ~1B files / ~150TB for your home directories
► For Windows: use DFS (\\cern.ch\dfs; see http://cern.ch/dfs)
► For Linux: use AFS (/afs/cern.ch; see http://cern.ch/afs)

Plus 1800 disk servers with >90PB capacity for the Grid
► Redundant disk configuration
► ~30% growth rate
► 2-3 disk failures per day

There is more:
► For sharing, Dropbox a la CERN: http://cernbox.cern.ch
► For publications, documents, etc. use CDS (http://cern.ch/cds)
► For meetings, use INDICO (http://indico.cern.ch)
► For technical stuff, use EDMS (http://edms.cern.ch)
► For back-ups, there are CASTOR (http://cern.ch/castor) and TSM …but recall that AFS and DFS are backed-up, too!

Control access to all your assets! For personal use: Frequency/duration must be limited and resource usage minimal.
23
Computing Clusters

LXPLUS (http://cern.ch/plus)
► Stable Linux platform for one-off calculations and acting as gateway
► Properly secured and actively monitored

LXBATCH (http://cern.ch/lxbatch)
► For physics analysis
► ~4k nodes with ~30k cores
► 150k user jobs per day (with ~30% growth/yr)

Windows Terminal Server
► Stable Windows platform
► You need to register at http://cern.ch/wts

Virtualization Service
► Up to ~16k virtual machines
► Make your reservation at http://vmm.cern.ch

Your password is your toothbrush! This applies also to SSH keys & certificates! Take care when connecting from abroad.
24
Programming and Development

CERN Git for programming:
► Strongly recommended for all software developers
► Check out at http://gitlab.cern.ch
► Static code checkers available at: http://cern.ch/security/recommendations/en/code_tools.shtml (and watch your compiler outputs!!!)

Tools for development:
► Calculus tools: Mathematica, Mathcad, Octave, …
► Electronic EDA tools: CADENCE, Altium Designer, FPGA synthesis, …
► Mechanical CAD tools: CATIA, AutoCAD, Inventor, Ansys, Opera/Tosca, …
► Have a valid license! Check http://cern.ch/engineering-software

Databases on demand:
► Check https://cern.ch/DBOnDemand/
25
Programming and Development

CERN Git/SVN for programming:
► Strongly recommended for all software developers
► Check out at http://cern.ch/[git|svn]
► Static code checkers available at: http://cern.ch/security/recommendations/en/code_tools.shtml (and watch your compiler outputs!!!)

Tools for development:
► Calculus tools: Mathematica, Mathcad, Octave, …
► Electronic EDA tools: CADENCE, Altium Designer, FPGA synthesis, …
► Mechanical CAD tools: CATIA, AutoCAD, Inventor, Ansys, Opera/Tosca, …
► Have a valid license! Check http://cern.ch/engineering-software

Databases on demand:
► Check https://cern.ch/DBOnDemand/

The second best place to screw up. If you don’t know what you’re doing, don’t do it. Ask an expert, read a book, get some training (http://cta.cern.ch), or forget it.
26
There is much more…
28
Let IT help you!

Make use of central services
► Do not reinvent the wheel
► Focus on your core work
► Don’t worry about maintenance
► Let IT take care of security

If you have questions:
► Contact the ServiceDesk: http://cern.ch/servicedesk
► They deal with any question related to IT (and other stuff)

For security questions/training/help:
► Check http://cern.ch/security
► Or contact: Computer.Security@cern.ch

The usage of CERN Computing Facilities is governed by the CERN Computing Rules (OC5). You committed to adhere to them. (http://cern.ch/ComputingRules)
29
What links to www.ebay.com?

http://www.ebay.com\cgi-bin\login?ds=1%204324@%31%33%37%2e%31%33%38%2e%31%33%37%2e%31%37%37/p?uh3f223d
http://www.ebaỵ.com/ws/eBayISAPI.dll?SignIn
http://scgi.ebay.com/ws/eBayISAPI.dll?RegisterEnterInfo&siteid=0&co_partnerid=2&usage=0&ru=http%3A%2F%2Fwww.ebay.com&rafId=0&encRafId=default
http://secure-ebay.com

This is not even obvious for professionals!

Still time for a small quiz?
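Added example (not part of the original slides): the quiz comes down to which host a browser would actually contact for each link. The JavaScript below runs the four links exactly as they appear on this page, plus one constructed link using a documentation address, through the standard `URL` class; `inspectLink`, its flag names and the comparison against `ebay.com` are this example's own.

```javascript
// Added example, not from the original slides. Runs in Node.js or a browser console.
const EXPECTED = 'ebay.com';

function inspectLink(raw, expected = EXPECTED) {
  const url = new URL(raw);   // WHATWG URL parsing, the rules browsers follow
  const host = url.hostname;  // non-ASCII labels come back as punycode (xn--...)
  const flags = [];
  // Anything before '@' in the authority part is a user name, not the host.
  if (url.username !== '' || url.password !== '') flags.push('userinfo-before-host');
  // A punycode label means the displayed name contained non-ASCII letters.
  if (host.split('.').some((label) => label.startsWith('xn--'))) flags.push('punycode-label');
  // A bare IPv4 address where a name was expected.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) flags.push('ip-address-host');
  // For http(s), browsers treat '\' like '/', so it ends the host part.
  if (raw.includes('\\')) flags.push('backslash-as-slash');
  // Only the exact domain or a true subdomain of it counts as a match.
  const belongsToExpected = host === expected || host.endsWith('.' + expected);
  return { host, belongsToExpected, flags };
}

// The four links from the slide, as they appear on this page.
// In the first one the '@' comes after '?', so here it is part of the query.
const SLIDE_LINKS = [
  'http://www.ebay.com\\cgi-bin\\login?ds=1%204324@%31%33%37%2e%31%33%38%2e%31%33%37%2e%31%37%37/p?uh3f223d',
  'http://www.eba\u1EF5.com/ws/eBayISAPI.dll?SignIn', // \u1EF5 is the dotted "y" on the slide
  'http://scgi.ebay.com/ws/eBayISAPI.dll?RegisterEnterInfo&siteid=0&co_partnerid=2&usage=0&ru=http%3A%2F%2Fwww.ebay.com&rafId=0&encRafId=default',
  'http://secure-ebay.com',
];

// Constructed link (192.0.2.1 is a documentation address): here the '@' sits
// in the authority, so "www.ebay.com" is only a user name.
const CONSTRUCTED_LINK = 'http://www.ebay.com@192.0.2.1/login';

for (const link of [...SLIDE_LINKS, CONSTRUCTED_LINK]) {
  console.log(inspectLink(link), link);
}
```
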