Computer System Upgrades
As part of the effort to enhance the Lab's cyber security, the following steps are being taken:
All computer and networking systems on site are being required to conform to the Jefferson Lab system security policy. You can read the full policy at https://wiki.jlab.org/cc/external/wiki/index.php/Systems_Security. In summary, the policy states that access to resources like the Internet, the Lab's local area network and services including shared file systems, etc. will depend on the computer system's security configuration. Some ways that system security will be determined include, but are not limited to:
- Network port scanning to determine what network services are enabled.
- Network vulnerability scanning to verify that patches for known vulnerabilities have been applied and that secure configurations of the network services have been applied.
- Inspection of Operating Systems to verify their patch levels and that they have secure configurations.
One example of an insecure system is one that allows telnet logins. This is an application that uses clear-text passwords. There is no reason for this service to be offered by a desktop system. Network port scanning will be used to detect such services in order to limit vulnerabilities.
Systems, other than short term visitor systems, that do not currently meet the security policy will be required to upgrade in order to access Lab computing resources. Starting on October 17th, IT Division and ACE staff will be assisting staff and users in upgrading their systems as required to comply with this new system policy. If your system needs upgrading you have two primary options:
- Rebuild your system as a level-1 supported system that is totally managed by the IT Division or Accelerator ACE group.
- Upgrade or rebuild your system as a level-2 supported system where the IT Division or Accelerator ACE group manages the patching of the system but the end user has administrative privileges.
Only under special circumstances and with appropriate justification and approval one will one be allowed to manage their own system. If you feel you qualify and have a strong scientific or business justification, you can fill out an exception form, see: https://wiki.jlab.org/cc/external/wiki/index.php/Jefferson_Lab_System_Security_Exception_Request. The form must be signed and approved by the IT Division's Computing and Networking Infrastructure (CNI) group and the head of the IT Division for your system to become a level 3 system.
Thank you for your support in enhancing the Lab's cyber security.