CINXE.COM

CERN Computer Security Information

锘匡豢<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="/style.css" type="text/css" /> <script type="text/javascript" src="/jquery.min.js"></script> <title>CERN Computer Security Information</title> <script type="text/javascript"> $(document).ready(function(){ // Menu highlight var path = location.pathname.split("/"); if ( path ) { $('#main_menu a[href*="' + path[1] + '"][class!="noselect"]').addClass('selected'); // path[3] = /security/<xxxxx>/ $('#sidebar ul.sidemenu li[class!="noselect"]:has(a[href$="' + path.reverse()[0] + '"])').addClass('selected'); } // Add icon to external links $('a[id!=logo-img]').filter(function() { return this.hostname && this.hostname !== location.hostname; 聽 }).after(' <img src="/images/external_link.png" alt="external link" title="external link"/>'); }); </script> </head> <body> <div id="wrap"> <div id="top-bg"></div> <!--header --> <div id="header"> <div id="logo-text"> <a id="logo-img" href="https://home.cern/"><img src="/images/CERNLogo2.png" width="59" height="59" style="margin: 10px" alt="CERN Logo"/></a><div id="logo-text-big"><a href="/home/en/index.shtml" title="">CERN Computer Security</a></div> </div> <div id="header-logo"><a href="/services/en/emergency.shtml"><img width=335 src="/images/emergency.png" alt="Computer Emergencies"/></a></div> </div> <!--header ends--> <div id="header-photo"></div> <!-- navigation starts--> <div id="nav"> <ul id="main_menu"> <li><a class="noselect" href="/home/fr/index.shtml"><img src="/images/fr.png" alt="FR"/></a></li> <li><a href="/home/en/index.shtml">Home</a></li> <li><a href="/rules/en/index.shtml">Computing Rules</a></li> <li><a href="/recommendations/en/index.shtml">Recommendations</a></li> <li><a href="/training/en/index.shtml">Training</a></li> <li><a href="/services/en/index.shtml">Services</a></li> <li><a class="secured" href="/reports/en/index.shtml">Reports &amp; Presentations</a></li> </ul> </div> <!-- navigation ends--> <!-- content-wrap starts --> <div id="content-wrap"> <div id="main"> <h2>Connecting to CERN from the Internet</h2> <h4>CERN Single Sign-On</h4> <p>The remote access to a variety of restricted CERN web services and CERN web sites is protected by the CERN Single Sign-On portal (CERN SSO) and requires a valid CERN account and password. CERN SSO can be identified in the URL bar of your browser by starting with "https://login.cern.ch" (right image: the old SSO) or "https://auth.cern.ch" (right image: the new SSO):</p> <center><img border="0" src="/recommendations/images/SSO-1FA.png" width="45%"><img border="0" src="/recommendations/images/SSO-new.JPG" width="45%"></center> <p>Occasionally, a warning message is displayed on top of the grey "Sign in with your CERN account" box. If you see this pages hosted elsewhere than at https://login.cern.ch or https://auth.cern.ch, or if you happen to see a variation of this page, eventually with typos or missing images, please be careful. This might be a fake SSO page aimed to steal your CERN password. Please report those to us at <a href="mailto:Computer.Security@cern.ch">Computer.Security@cern.ch</a>.</p> <h4>Email</h4> <p>In order to access your CERN mailbox use the Web based client, <a href="http://cern.ch/mmm/exchange">Outlook Web Access</a> (OWA), or configure your email client to use <a href="https://cern.ch/mmmservices/Help/?fdid=5">IMAPS or POPS</a> (IMAP/POP over SSL).</p> <p>If your Internet Service Provider restricts email access to TCP port 25/SMTP then you can configure your email client to use the CERN SMTP servers on TCP port 2525 (with TLS, authentication required).</p> <p>Configuration details for the CERN mail services are at <a href="http://mmm.cern.ch">http://mmm.cern.ch</a>.</p> <h4>Interactive Sessions</h4> <p>For an interactive session on Windows (NICE) use the <a href="https://remotedesktop.web.cern.ch/remotedesktop/">Windows Terminal Services</a>. Users would just need the <a href="https://espace.cern.ch/winservices-help/Terminal%20Services/Introduction/Pages/Win%20client.aspx">Windows Terminal Services client</a> (coming with most Windows distributions), the <a href="https://espace.cern.ch/winservices-help/Terminal%20Services/Introduction/Pages/Linux%20client.aspx">Linux "Rdesktop" client</a> or the <a href="https://espace.cern.ch/winservices-help/Terminal%20Services/Introduction/Pages/Mac%20client.aspx">MacOS Terminal Services client</a>, respectively.</p> <p>For an interactive Linux session use <a href="/recommendations/en/ssh.shtml">SSH</a> to connect to LXPLUS.</p> <p>The Terminal Servers and LXPLUS can also be used to access computers blocked by the CERN firewall, either by using the higher performance <a href="https://remotedesktop.web.cern.ch/remotedesktop/RDGateway/SetRemoteAccessAccounts.aspx">Remote Desktop Gateway</a> service or by <a href="/recommendations/en/ssh_tunneling.shtml">tunneling through LXPLUS</a>. Note that Remote Desktop Service and SSH, respectively, must be enabled on the destination computer at CERN. <h4>Internal Web Servers, Journals & Licensed Software</h4> <p>For access to <i>internal</i> CERN Web servers, to journals and publications requiring a CERN IP address, or to other special applications installed on dedicated servers, use either the <a href="https://remotedesktop.web.cern.ch/remotedesktop/">Windows Terminal Services</a> or <a href="/recommendations/en/ssh_tunneling_x11.shtml">open a browser on LXPLUS</a>.</p> <p>For licensed software, you must first ensure that you have a valid licence to use the software from outside CERN. Licences for specialized tools and products (e.g. Mathematica) are not generally valid off-site. For the most common desktop products however (e.g. Microsoft Office) CERN has negotiated licence conditions which permit the installation of these products on either a laptop or a home PC as well as on the CERN desktop. For more details on software licensing, see <a href="http://cern.ch/Software-Licences">http://cern.ch/Software-Licences</a>.</p> <h4>File Exchange</h4> <p>The standard remote access is through <a href="https://cernbox.cern.ch">CERNbox</a>. For dedicated access to the NICE DFS file system, use <a href="https://dfs.cern.ch/dfs">WebDAV</a> (Web Distributed Authoring and Versioning) which provides a Web interface to DFS files and folders (see <a href="https://dfs.cern.ch">https://dfs.cern.ch</a>). Alternatively, you can <a href="https://winservices.web.cern.ch/winservices/Help/?kbid=320009">transfer files to a Windows Terminal Services session</a>, e.g. by redirecting your local drive.</p> <p>Linux users are recommended to use AFS or to connect to LXPLUS and use <a href="/recommendations/en/ssh.shtml">SFTP.</a></p> <h4>Printing</h4> <p>You can access printers at CERN from the <a href="https://remotedesktop.web.cern.ch/remotedesktop/">Windows Terminal Services (WTS)</a> or the <a href="http://cern.ch/plus">LXPLUS Service</a>.</p> <h4>Other Applications</h4> <p>Many other applications can be tunneled inside <a href="/recommendations/en/ssh.shtml">SSH</a></b> from Windows, Linux and other platforms.</p> <p>In particular, users of <b>Virtual Network Computing (VNC)</b> are strongly recommended to <a href="/recommendations/en/ssh_tunneling_vnc.shtml">tunnel VNC inside SSH</a>. VNC exposes sessions in clear on the network and the passwords are crackable. Break-ins have occurred on systems running VNC. Similar software such as Radmin is used by intruders for unauthorised access.</p> <h4>Further Reading</h4> <p>Please find further details in an article on "Connecting to CERN from home" in the CERN Computing Newsletter <a href="http://cerncourier.com/cws/article/cnl/41030">CNL 44/4 (2009/11/24)</a>.</p> </div> <!-- main ends --> <!-- SIDEBAR --> <!-- sidebar menu starts --> <div id="sidebar"> <h3>For All Users<br/> (Experts or Not)</h3> <ul class="sidemenu"> <li><a href="/recommendations/en/good_practises.shtml">Seven easy good practises</a></li> <li><a href="/recommendations/en/how_to_secure_your_pc.shtml">How to secure your PC or Mac</a></li> <li><a href="/recommendations/en/passwords.shtml">Passwords &amp; toothbrushes</a></li> <li><a href="/recommendations/en/2FA.shtml">Starting with multi-factor authentication</a></li> <li><a href="/recommendations/en/bad_mails.shtml">Bad mails for you:<br/>"Phishing", "SPAM" &amp; fraud</a></li> <li><a href="/recommendations/en/malicious_email.shtml">How to identify malicious e-mails and attachments</a></li> <li><a href="/recommendations/en/how_to_remove_malicious_browser_notifications.shtml">How to remove malicious browser notifications</a></li> <li><a href="/recommendations/en/working_remotely.shtml">Working remotely</a></li> <li><a href="/recommendations/en/connecting_to_cern.shtml">Connecting to CERN</a></li> <li><a href="/recommendations/en/ssh.shtml">Connecting using SSH</a></li> </ul> <h3>For Software Developers</h3> <ul class="sidemenu"> <li>Good programming in <a href="/recommendations/en/program_c.shtml">C/C++</a>, <a href="/recommendations/en/program_java.shtml">Java</a>, <a href="/recommendations/en/program_perl.shtml">Perl</a>, <a href="/recommendations/en/program_php.shtml">PHP</a>, and <a href="/recommendations/en/program_python.shtml">Python</a></li> <li><a href="/recommendations/en/password_alternatives.shtml">How to keep secrets secret<br/> (alternatives to passwords)</a></li> <li><a href="/recommendations/en/checklist_for_coders.shtml">Security checklist</a></li> <li><a href="https://gitlab.docs.cern.ch/docs/Secure%20your%20application/">GitLab CI Security Tools</a></li> <li><a href="/recommendations/en/web_applications.shtml">Securing Web applications</a></li> <li><a href="/recommendations/en/code_tools.shtml">Static code analysis tools</a></li> <li><a href="/recommendations/en/more_on_software.shtml">Further reading</a></li> </ul> <h3>For System Owners</h3> <ul class="sidemenu"> <li><a href="/recommendations/en/rootkits.shtml">Checking for rootkits</a></li> <li><a href="https://twiki.cern.ch/twiki/bin/viewauth/CNIC/WebHome">Securing Control Systems (CNIC)</a></li> <li><a href="/recommendations/en/containers.shtml">Securing Containers & Pods</a></li> <li><a href="/rules/en/baselines.shtml">Security baselines</a></li> <li><a href="http://linux.web.cern.ch/linux/docs/linux_exploit_faq.shtml"> The CERN Linux vulnerability FAQ</a></li> </ul> </div> <!-- sidebar menu ends --> <!-- content-wrap ends--> </div> <!-- footer starts --> <div id="footer-wrap"> <div id="footer-bottom"> &copy; Copyright 2024<strong> <a href="https://cern.ch/security">CERN Computer Security Office</a></strong> <table> <tr> <td id="footer-info-left"> e-mail: <a href="mailto:Computer.Security@cern.ch">Computer.Security@cern.ch</a><br/> Please use the following PGP key to encrypt your messages:<br/> ID: 0x954CE234B4C6ED84<br/> <a href="https://keys.openpgp.org/vks/v1/by-fingerprint/429D60460EBE8006B04CDF02954CE234B4C6ED84">429D 6046 0EBE 8006 B04C DF02 954C E234 B4C6 ED84</a> </td> <td id="footer-info-right"> Phone: +41 22 767 0500<br/> Please listen to the recorded instructions. </td> </tr> </table> </div> </div> <!-- footer ends--> </div> <!-- wrap ends here --> <!--img height=30px src="/home/en/CERNfooter_800.png"--> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10