Procedure
LBNL generally allows the use of non-LBNL owned information systems for onsite network access and for remote access. The system must meet LBNL minimum patch and security configuration levels in order to be utilized. The end user and their line management (and/or host) are responsible for ensuring the security of the information system and take responsibility for the system and its use. There is no formal authorization or permission, except as noted below for fixed IP addresses. Note that your division, department, or enclave may have additional, stricter rules regarding the use of non-LBNL owned devices, and a particular application owner may specify more restrictive rules in their use policies.
Use of LBNL networks and remote access constitutes agreement with LBNL Computing and Communications Policies and Procedures, including RPM 9.01 and, at a minimum, the network-scannable components of the Minimum Security Requirements.
Network Access While Onsite
Non-LBNL systems should generally utilize the LBNL guest wireless network whenever possible. However, this is impractical in many cases, and with approval of an LBNL employee, a non-LBNL system may also be attached to the wired network and receive a DHCP address. Assignment of a fixed IP address requires either employee status or designation of a security-responsible host.
If your personally owned system is blocked from network access for a security violation, please follow the instructions on the website you are redirected to, or failing that, contact the help desk.
Security Considerations for Personally Owned Systems Used for Remote Access to LBNL Systems
When you use a non-LBNL computer to connect to LBNL resources, to the extent possible, you should ensure the system is secure. Shared computers in computer labs, internet cafes, and even your home computer have the potential to be infected with password-sniffing programs or hardware that would allow your LBNL username and password to be compromised. (Based on previous experience, we would encourage you to be exceptionally careful if you share your home computer with a child or teenager.) Use caution when using these systems and be aware of the greater risks associated with them. More information is available here.
Special Considerations for Personally Identifiable Information
LBNL/UC Personally Identifiable Information is never permitted on any end user device (without explicit permission as detailed here). This includes all non-LBNL owned information systems. Use of non-LBNL systems to access systems in the Business Systems Enclave remotely via structured web interfaces (such as HRIS) may be permissible; check with your line management and/or application functional owner to identify the requirements.