1 / 12

Computer Security in ST Division

This document outlines the crucial aspects of computer security at CERN, emphasizing the collective responsibility of all users to safeguard their machines. It discusses why security is paramount, detailing risks such as viruses, worms, and trojans that can compromise data integrity. Recommendations are provided for office and control system users, including timely updates, strong password practices, and avoiding unsolicited emails. Additionally, guidance on handling control systems is included, stressing the need for secure configurations and update strategies.

menora
Télécharger la présentation

Computer Security in ST Division

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Security in ST Division CERN Computer Security Officer: Denise Heagerty (IT/DI) ST linkpersons: Eva Sanchez-Corral Mena (ST/MA) Uwe Epting (ST/MA) Uwe Epting - ST/MA

  2. Outline • Who is concerned? • Why is it important? • General Recommendations • Office Users • Control Systems • Additional Information Uwe Epting - ST/MA

  3. Computer Security in ST • Who is concerned? • Everybody ! • Why? • Everybody is responsible for computer security on his/her machine • The law: Operational Circular No. 5 • BUT: two categories • OFFICE • CONTROL SYSTEM Uwe Epting - ST/MA

  4. Why is it important? • Almost daily appearance of viruses: • executable viruses • risk of destroying or manipulating your data • internet worms • risk of destroying data and network blocking • trojan horses, password spies • risk of (software) sabotage • risk of publishing of confidential data Uwe Epting - ST/MA

  5. General Recommendations • Do not open e-mail attachements • if you are not sure about their content • Click CANCEL instead of OK • in unexpected web dialogue boxes • Do not answer unsolicited e-mail • delete it • Do not run unknown software • Choose secure passwords • change them regularly • Avoid exposure of passwords and/or other confidential information • e.g. through unencrypted web-applications Uwe Epting - ST/MA

  6. Office Users • Use the central CERN environment for • NICE (Windows) • Linux • MacOSX • Apply security patches timely as well as immediately when you are asked to do so. • assistance available: desktop support or C168 • Follow the CERN security recommendations Uwe Epting - ST/MA

  7. Control Systems (1) • Some problems: • not centrally managed • different Operating System flavours • cannot be stopped for updates • PLCs and HP workstations not covered by IT computer security • Nevertheless the "Responsible of the device" has to keep the systems secure! Uwe Epting - ST/MA

  8. Control Systems (2) • Some recommendations and ideas: • run on the "technical network" • not directly accessible from outside CERN • disable unnecessary applications • like web, telnet, ftp, ..., and Office applications • choose correct network connection • NONE or OUTGOING, not INCOMING • limit/configure computers/PLCs that can talk to each other • personal firewalls, "filtering" gateways Uwe Epting - ST/MA

  9. Control Systems (3) • Foresee strategy for updates during operation • Installation of security patches • Operating system updates • Some ideas: • redundant servers • spare server for temporary replacement • plan maintenance periods • allow short interruptions of system components without stopping the rest • plan time for downtime and disaster recovery • ensure backups and rollback possibilities Uwe Epting - ST/MA

  10. Control Systems (4) • Design your system to resist security scans • Some viruses do port scanning • Old systems can be excluded from IT security scans • foresee upgrades of those systems • Avoid generic logins • like: cern, tcr, stcv, stel, ... • if really needed, restrict access rights to the absolute minimum • do system administration with a safe password • Keep a logfile • allowing the trace back of incidents Uwe Epting - ST/MA

  11. More information ... • IT Computer Security web pages: • http://cern.ch/security • read especially • CERN's Computer Security Recommendations • Password Recommendations at CERN • Risks and how you can help to reduce them • Test your systems! • scans may be launched by IT on request Uwe Epting - ST/MA

  12. Questions ? ? Uwe Epting - ST/MA

More Related