ITSD Computing and Communications Services News
December, 2004
 

Heightened Cyber Security Risks Lead to Call for Computer Shutdowns Over Break

Each year, the Lab's Computer Protection Program asks employees to shut down their computers before leaving for the holidays to help protect the Lab from cyber attacks over the break. This year we are facing a higher level of cyber security threat than we've experienced to date at LBNL. Recent attacks on our systems have been increasingly sophisticated, and the Lab's holiday break has been a time when attacks traditionally occur.

The Lab's ability to maintain an open, collaborative network dedicated to scientific discovery is being jeopardized by these attacks. Please do your part to shut down or secure your systems by taking these steps over the break:

  • Before you leave, turn off your systems or remove them from the network if possible, even if it poses an inconvenience to you. (UNIX systems are particularly at risk.)

  • Take additional security precautions if it's impossible to shut down your systems or unplug them from the network. The Computer Protection Program (CPP) has prepared a set of guidelines (see list below) to help you secure your systems over the break.

  • Report suspicious computer activity immediately to cppm@lbl.gov. For computer security-related emergencies, call (510) 486-7770.

  • If you are logging in to Lab systems remotely, take extra care to make sure those remote systems are safe and secure. Utilize LBNL's Virtual Private Network Service (VPN) to provide an additional layer of security. VPN software is available online.


Windows:

  • Close all applications and services that you are not using, especially email, web browsers, and remote desktop access systems.

  • Confirm that all your patches are up to date using Windows Update and confirm that Windows is set to automatically update patches on a daily basis, or go here.

  • Confirm that you are running the most current version of Symantec Client Security (2.0.1) and that the firewall and intrusion detection systems are operational and updated. The software is available free to Lab employees here.

  • Confirm that you have no unneeded accounts on your machine by opening Control Panel/User Accounts and making sure that all users have passwords and that only current users have accounts.

  • Additional suggestions can be found on the system procedures section of the CPP Web site.


UNIX and Linux:

  • Close all applications and services that you are not using, especially email, web browsers, and remote desktop access systems.

  • Make sure you are up to date on all patches. If your version of UNIX is no longer supported, strongly consider turning off your system or upgrading to a supported version.

  • Tidy your systems, including removing unused accounts and turning off unused services.

  • If you operate a process that caches passwords or keys, for example ssh-agent, confirm that the process is turned off and secured with a strong password.

  • Configure host-based firewalls and/or tcp-wrappers to limit access to authorized addresses.

  • Additional suggestions can be found on the system procedures section of the CPP Web site.
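
The script below is an added example, not part of the original newsletter or the CPP guidelines. It checks three items from the UNIX and Linux list: accounts that can still log in, a default-deny rule in the tcp-wrappers hosts.deny file, and hosts.allow rules that are not limited to specific addresses. The function names, the sample files, and the 192.0.2.0/24 range are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-break checks for three items on the UNIX/Linux list.
# Paths are arguments so the checks can run on copies of the real files.

# Accounts whose shell permits interactive login (review for unused ones).
login_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Succeeds only if hosts.deny has the default-deny rule "ALL: ALL".
default_deny() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$' "$1"
}

# hosts.allow rules whose client list is ALL, i.e. not limited to addresses.
open_allow_rules() {
    awk -F: '!/^[ \t]*(#|$)/ { c = $2; gsub(/[ \t]/, "", c)
                               if (c == "ALL") print }' "$1"
}

# Report findings; return status is the number of items needing attention.
audit() {  # usage: audit PASSWD HOSTS_ALLOW HOSTS_DENY
    problems=0
    echo "Login-capable accounts: $(login_accounts "$1" | tr '\n' ' ')"
    if ! default_deny "$3"; then
        echo "hosts.deny: no default-deny rule"; problems=$((problems + 1))
    fi
    open=$(open_allow_rules "$2")
    if [ -n "$open" ]; then
        echo "hosts.allow: open to all addresses: $open"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files (not from any real host); 192.0.2.0/24 is a
# documentation range standing in for the authorized addresses.
sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'olduser:x:1001:1001::/home/olduser:/bin/bash' > "$d/passwd"
    printf '%s\n' '# constructed' 'sshd: 192.0.2.0/255.255.255.0' \
        'in.telnetd: ALL' > "$d/hosts.allow"
    printf '%s\n' '# constructed' 'ALL: ALL' > "$d/hosts.deny"
    echo "$d"
}

# Demo on the constructed files; on a real host pass the files under /etc.
d=$(sample_dir) && { audit "$d/passwd" "$d/hosts.allow" "$d/hosts.deny" ||
    echo "items needing attention: $?"; rm -rf "$d"; }
```

On the constructed files the audit flags the `in.telnetd: ALL` rule, which admits every address even though hosts.deny denies by default.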


Macintosh:

  • Close all applications and services that you are not using, especially email, Web browsers, and remote desktop access systems.

  • Make sure your system is up to date with all patches.

  • Confirm that you are running the most current version of Norton Anti Virus for Macintoshes (9.0) and that your virus definition files are up to date.

  • Additional suggestions can be found on the system procedures section of the CPP Web site.