ITSD Computing and Communications Services News
December, 2002

CCS News Home
Back Issues
Computer Security
Help Request
Software Downloads
Computer Backups
Buy a Computer
Suggestion Box
Email
Calendar
Onsite Computer Training
ITSD
CIS
ISS
NTD
TEID
  DOE Cybersecurity Audit Seeking Out Vulnerabilities -- Here's How to Make Sure Your Computer Protection Systems are Current

The DOE Office of Oversight and Assurance is conducting vulnerability scanning against all LBNL computer systems as part of a comprehensive effort to ensure that all national laboratories have appropriate cybersecurity measures in place. The Lab's Computer Protection Program and the Computing Infrastructure Support Department have been scanning all computers on the Lab networks to identify vulnerabilities and alert users of the vulnerable systems so they can be made secure.

Because Berkeley Lab maintains that an open environment is essential for advancing world-class science, the Lab has stopped short of imposing firewalls and similar restrictive measures, yet still protecting our computing infrastructure from outside threats. Every employee who uses a computer has a role in ensuring that this infrastructure remains protected. These responsibilities are spelled out in the Lab's Regulations and Procedures Manual.

The best way to ensure your computer's operating system is running the latest security patches and "hot fixes." The second step is to determine which Internet-related services your computer is running and then turn off those you don't need and ensure the remaining services are secure.

Operating System Updates
Each vendor of operating systems, such as Windows, Mac OSX and various varieties of UNIX, regularly provide system and security updates to fix vulnerabilities as they are identified.

Windows
Microsoft regularly provides Windows Updates, Service Packs and Hot Fixes to patch known vulnerabilities in Windows. Depending on the version of Windows you are running - 2000, NT, XP - you can download the appropriate Service Pack from the Lab's Software Download page -- look under the Security heading. To make sure the fixes are applied correctly, download the appropriate Service Pack first, then the related Hot Fix package.

Users of all Windows versions, including 95 and 98, can learn how to install the latest security fixes by going to Microsoft's Updates Web page. You can also run the Updates program by going to the Start menu and looking under Settings.

Macintosh
Apple Computer has an extensive list of networking and security downloads available via the Web.

UNIX
UNIX vendors provide similar services to those described above and links for patches provided by several vendors can be found on the UNIX Security Web page of the Lab's UNIX Support Group.

Another option for UNIX users is to sign up for the UNIX security service level agreement provided by the Lab's UNIX Support Group. For more information, contact either Gary Jung (X4894) or Jim Guggemos (X6001) of the UNIX Support Group.

For additional help, contact your division's computer security liaison or contact the computer support Help Desk at X4357.