Sign into CERN: CERN IT Services for You!


1 Sign into CERN: CERN IT Services for You!
Timing: 30 mins
Sebastian Łopieński, CERN Deputy Computer Security Officer (slides by Stefan Lueders)

2 Welcome to CERN!!!
Academic Freedom
You are now +1 user at CERN:
…from 100s of universities worldwide
Pupils, students, post-docs, professors, technicians, engineers, physicists, …
High turn-over (~12k per year)
Academic Freedom in Research:
Open campus attitude (consider CERN as an ISP):
No boundaries if possible: free communication & freedom to publish
Cacophony of O/S, programming languages, applications
Merger of professional & private life incl. mobile revolution
The trial of the new & all-time prototypes

3 Welcome to CERN!!!
Academic Freedom
You are now +1 user at CERN:
…from 100s of universities worldwide
Pupils, students, post-docs, professors, technicians, engineers, physicists, …
High turn-over (~10k per year)
Academic Freedom in Research:
Open campus attitude (consider CERN as an ISP):
No boundaries if possible: free communication & freedom to publish
Cacophony of O/S, programming languages, applications
Merger of professional & private life incl. mobile revolution
“Academic Freedom” means “Responsibility”: Computer Security at CERN is delegated to YOU as user, developer, administrator, expert, …!

5 Academic Freedom vs. Security
CERN is under permanent attack… even now:
…attackers trying to brute-force passwords;
…attackers trying to break Web applications;
…attackers trying to break into servers and obtain administrator rights;
…attackers trying to harvest credentials.
Security Events happen:
Web sites & web servers, databases, computing nodes, mail accounts, …
The office network is very liberal: free connection policy and lots of visitors. Thus, there are always devices being infected/compromised.
Security is as good as the weakest link:
Attacker chooses the time, place, method
Defender needs to protect against all possible attacks (currently known, and those yet to be discovered)
YOU are responsible for securing your accounts/computers/data/… and for preventing events from happening.

7 Go central!!!
Take advantage of central CERN IT services:
Let them take care of security
Don’t worry about maintenance
Focus on your core work
CERN IT offers many services:
Computing infrastructures for office computing, experiments and accelerators
Administrative computing
Physics data processing
Cluster/Grid computing
Note: Personal usage of CERN computing facilities is tolerated.
Pass the responsibility to the IT Department.
Open your mind: Learn to work “securely”. Use central services!!

8 Enter CERN: Your Account
CERN has ~44k active accounts…
+1: You’ve now got a “primary account”
Just go to
This grants you access to CERN facilities (check “Applications and Resources” for details)
For dedicated purposes, you can obtain a secondary account (“me_admin”) or a service account (“my_cool_service”)
Once you leave again, make sure that:
All your important e-mails are backed up
All your important documents/data/programs are transferred
Service accounts are transferred, too
We will delete everything after 6 months

9 Enter CERN: Your Account
CERN has ~44k active accounts…
+1: You’ve now got a “primary account”
Just go to
This grants you access to CERN facilities (check “Applications and Resources” for details)
For dedicated purposes, you can obtain a secondary account (“you_admin”) or a service account (“cool_service”)
Once you leave again, make sure that:
All your important e-mails are backed up
All your important documents/data/programs are transferred
Service accounts are transferred, too
We will delete everything after 6 months
Your password is your toothbrush! Do NOT share it and change it regularly. Nobody legitimate will ever ask you for it.
Make it complex: a**2+sqr(b)==c^2

11 First Contact: Your Mail Address
CERN receives ~2M e-mails/day. 90% are Spam.
CERN Mail:
Do not run your own SMTP server
Your client is your choice: Outlook, Thunderbird, Pine…
…or forward to an external mailbox
Check on
Personal usage is tolerated:
…but this activity must not be illegal, political, commercial, inappropriate, offensive, or detrimental to official duties
Beware of Phishing e-mails!!!! Nobody legitimate will ever ask for your password. Never!!

13 Connect!
Several Class-B IP networks
10 Gbps commercial Internet connectivity
140 Gbps WAN connectivity (Tier0-Tier1)
4.8 Tbps switching capacity at backbone
~5k subnets, >2k switches, >150 routers
One flat office/wireless/visitor network
~100k registered devices
Register on
…several more for…
Accelerator & infrastructure
Experiments
the Worldwide Computing Grid
Protective outer perimeter firewall
Contact Computer Security for openings
Do not make any unauthorized changes to the network infrastructure. Do not run tools stressing the network.

15 Central Win/Linux/Mac Support
Windows PCs (~10k active):
Use CMF ( or click “All Programs”, then “Windows Update”
Run up-to-date anti-virus software
This also applies to control PCs and oscilloscopes
Linux PCs (>13k active):
Use Yum (/usr/bin/yum)
Macs (>2k active):
Click “Software Update…”
Consider running up-to-date anti-virus software
The Win/Mac antivirus software is also free for home usage!!!!
There is also community support for Android and iOS:
Check also on
You are obliged to run anti-virus software and update/patch your systems regularly…
…or you risk that you will be disconnected.

17 Stop-Think-Click
Take care when surfing the web.
Not everything is what it seems to be
Do not click on random links
Do not install software you do not really need or do not know
Don’t consult pornographic or other illicit material (e.g. inciting to violence, racism, discrimination).
Respect copyrights! Do not download or share music or videos.

19 Publish or Perish
CERN hosts ~11k web sites with ~100k web pages on ~500 different web servers
Set up your own site:
“Official”, “Personal” or “Test” sites
Program in Python/Perl/PHP/…
Use Twiki, Sharepoint, Drupal, J2EE
You are responsible!!!
Avoid common mistakes:
Sanitize & validate input values
Know what you publish! Avoid leaking sensitive documents…
This is the place to screw up. If you don’t know what you’re doing, don’t do it. Ask an expert, read a book, get some training ( or forget it.

21 Space — plenty of space
CERN hosts ~1B files / ~150TB for your home directories
For Windows: use DFS (\\cern.ch\dfs; see
For Linux: use AFS (/afs/cern.ch; see
Plus 1800 disk servers with >90PB capacity for the Grid
Redundant disk configuration
~30% growth rate
2-3 disk failures per day
There is more:
For sharing, Dropbox a la CERN:
For publications, documents, etc. use CDS (
For meetings, use INDICO (
For technical stuff, use EDMS (
For back-ups, there are CASTOR ( and TSM
…but recall that AFS and DFS are backed-up, too!
Control access to all your assets!
For personal use: Frequency/duration must be limited and resource usage minimal.

23 Computing Clusters
LXPLUS (http://cern.ch/plus)
Stable Linux platform for one-off calculations and acting as gateway
Properly secured and actively monitored
LXBATCH (
For physics analysis
~4k nodes with ~30k cores
150k user jobs per day (with ~30% growth/yr)
Windows Terminal Server
Stable Windows platform
You need to register at
Virtualization Service
Up to ~16k virtual machines
Make your reservation at
Your password is your toothbrush! This applies also to SSH keys & certificates!
Take care when connecting from abroad.

25 Programming and Development
CERN Git for programming:
Strongly recommended for all software developers
Check out at
Static code checkers available at: /recommendations/en/code_tools.shtml (and watch your compiler outputs!!!)
Tools for development:
Calculus tools: Mathematica, Mathcad, Octave, …
Electronic EDA tools: CADENCE, Altium Designer, FPGA synthesis, …
Mechanical CAD tools: CATIA, AutoCAD, Inventor, Ansys, Opera/Tosca, …
Have a valid license! Check
Databases on demand: Check
The second best place to screw up. If you don’t know what you’re doing, don’t do it. Ask an expert, read a book, get some training ( or forget it.

26 There is much more…
E-groups
Room booking service
Telephone service
GRID services
Experiment support (CRAB, Ganga, HammerCloud, Dashboard, …)
CIXP
Printer service
CERN PrintShop
Vidyo teleconferencing
The CERN Standard

28 Let IT help you!
Make use of central services
Do not reinvent the wheel
Focus on your core work
Don’t worry about maintenance
Let IT take care of security
If you have questions:
Contact the ServiceDesk:
They deal with any question related to IT (and other stuff)
For security questions/training/help:
Check
Or contact:
The usage of CERN Computing Facilities is governed by the CERN Computing Rules (OC5). You committed to adhere to them. (

29 Still time for a small quiz?
What links to
%2e%31%33%38%2e%31%33%37%2e%31%37%37/p?uh3f223d co_partnerid=2&usage=0&ru=http%3A%2F%2Fwww.ebay.com&rafId=0 &encRafId=default
This is not even obvious for professionals!
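
A way to answer this kind of quiz mechanically, as an added example that is not part of the original slides: decode the host part of a link and report what hides the real destination. The sample URL is constructed (documentation address 192.0.2.10, reserved domain example.com), and `decode_host` and `inspect_link` are names chosen for this example.

```python
import ipaddress
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample link (not the one from the slide): 192.0.2.10 is a
# documentation address and example.com is a reserved domain.
SAMPLE = ("http://%31%39%32%2e%30%2e%32%2e%31%30/p"
          "?usage=0&ru=http%3A%2F%2Fwww.example.com")


def decode_host(raw_host):
    """Percent-decode a host string, as a browser does before connecting."""
    return unquote(raw_host).lower()


def inspect_link(url):
    """Return the host a link really leads to and why it deserves a second look."""
    parts = urlsplit(url)
    raw_host = parts.hostname or ""
    host = decode_host(raw_host)
    findings = []

    if parts.username is not None:
        # Text before '@' is login data, not the destination.
        findings.append("userinfo-before-host")
    if "%" in raw_host:
        findings.append("percent-encoded-host")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass  # a normal DNS name

    # A query value that is itself a URL can show a trusted name that is
    # not where the link goes.
    for name, values in parse_qs(parts.query).items():
        for value in values:
            inner = urlsplit(value)
            if inner.scheme in ("http", "https") and inner.hostname != host:
                findings.append("embedded-url:%s=%s" % (name, inner.hostname))

    return {"host": host, "findings": findings}


if __name__ == "__main__":
    print(inspect_link(SAMPLE))
    # The encoded fragment that survives in the quiz line above:
    print(decode_host("%2e%31%33%38%2e%31%33%37%2e%31%37%37"))
```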

