Computer Security: Banks and work – CERN
By Computer Security team
Over the past few months, the Computer Security team and the Identity and Account Management team have started to roll out two-factor authentication (2FA). 2FA is considered to be the silver bullet for protecting computing accounts. You find it everywhere: for accessing Facebook, Twitter, Gmail and many other services. Your bank uses it to protect your money. Still, we are facing resistance. And I’m starting to wonder why it is that people at CERN are perfectly willing to protect their bank accounts with 2FA while trying to avoid using it to protect their work, which is what puts the money in said accounts in the first place…
CERN is under attack, like any other organisation, institute or company, many of which have been hacked or compromised and their data stolen (see here and there). A successful ransomware attack against CERN could have devastating consequences for our operations and reputation. Ransomware attacks, like many other forms of attack, usually take the route of you clicking on a malicious link, opening a malicious attachment or browsing a dodgy webpage, and subsequently infecting your computer. While the consequences for your laptop are local (and can be very nasty), the next hop from that compromised device most likely requires your password. A password that can now be easily intercepted by an attacker who has a foothold in your device. Other successful ransomware attacks are more direct. By asking. By you providing your password directly to an attacker, via a fake login page. Every year, between 10% and 20% of us fall for the Computer Security team’s clicking campaign. Between 10% and 20% of all CERN passwords are exposed. Lost.
Lots of juice for an attacker if those campaigns were real. Just think what they could access with your password. What power they could inherit from you. What the attacker could do if they could observe you working on different IT services, control systems and financial applications. And what could happen if the attacker started acting on their own. Stopping accelerators? Manipulating experiments? Disabling safety systems? Stealing money? Deleting files? Exposing personal data? Impacting CERN’s reputation?
In order to protect CERN against those types of attack, we are adding another – immense – hurdle for a potential attacker by deploying 2FA on your account. Not only would the attacker need your password, they would also need your second-factor hardware token – i.e. either your YubiKey or your smartphone. And you always know where your smartphone is, don’t you? This is why we consider 2FA to be a silver bullet for account protection. Yes, we do acknowledge that it adds another layer of inconvenience. So we’ve tried, and continue to try, to make 2FA as easy as possible for you:
So, doesn’t your CERN computing account deserve the same level of protection as your bank account? If you agree, give it a try and let us know if you’re happy with it, so that we can set it up for you permanently.
_____
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.