CERN Computer Security Information
锘匡豢<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" ""> <html xmlns="" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="/style.css" type="text/css" /> <script type="text/javascript" src="/jquery.min.js"></script> <title>CERN Computer Security Information</title> <script type="text/javascript"> $(document).ready(function(){ // Menu highlight var path = location.pathname.split("/"); if ( path ) { $('#main_menu a[href*="' + path[1] + '"][class!="noselect"]').addClass('selected'); // path[3] = /security/<xxxxx>/ $('#sidebar ul.sidemenu li[class!="noselect"]:has(a[href$="' + path.reverse()[0] + '"])').addClass('selected'); } // Add icon to external links $('a[id!=logo-img]').filter(function() { return this.hostname && this.hostname !== location.hostname; 聽 }).after(' <img src="/images/external_link.png" alt="external link" title="external link"/>'); }); </script> </head> <body> <div id="wrap"> <div id="top-bg"></div> <!--header --> <div id="header"> <div id="logo-text"> <a id="logo-img" href=""><img src="/images/CERNLogo2.png" width="59" height="59" style="margin: 10px" alt="CERN Logo"/></a><div id="logo-text-big"><a href="/home/en/index.shtml" title="">CERN Computer Security</a></div> </div> <div id="header-logo"><a href="/services/en/emergency.shtml"><img width=335 src="/images/emergency.png" alt="Computer Emergencies"/></a></div> </div> <!--header ends--> <div id="header-photo"></div> <!-- navigation starts--> <div id="nav"> <ul id="main_menu"> <li><a class="noselect" href="/home/fr/index.shtml"><img src="/images/fr.png" alt="FR"/></a></li> <li><a href="/home/en/index.shtml">Home</a></li> <li><a href="/rules/en/index.shtml">Computing Rules</a></li> <li><a href="/recommendations/en/index.shtml">Recommendations</a></li> <li><a href="/training/en/index.shtml">Training</a></li> <li><a href="/services/en/index.shtml">Services</a></li> <li><a class="secured" href="/reports/en/index.shtml">Reports & Presentations</a></li> </ul> </div> <!-- navigation ends--> <!-- content-wrap starts --> <div id="content-wrap"> <div id="main"> <h2>Connecting to CERN from the Internet</h2> <h4>CERN Single Sign-On</h4> <p>The remote access to a variety of restricted CERN web services and CERN web sites is protected by the CERN Single Sign-On portal (CERN SSO) and requires a valid CERN account and password. CERN SSO can be identified in the URL bar of your browser by starting with "" (right image: the old SSO) or "" (right image: the new SSO):</p> <center><img border="0" src="/recommendations/images/SSO-1FA.png" width="45%"><img border="0" src="/recommendations/images/SSO-new.JPG" width="45%"></center> <p>Occasionally, a warning message is displayed on top of the grey "Sign in with your CERN account" box. If you see this pages hosted elsewhere than at or, or if you happen to see a variation of this page, eventually with typos or missing images, please be careful. This might be a fake SSO page aimed to steal your CERN password. Please report those to us at <a href=""></a>.</p> <h4>Email</h4> <p>In order to access your CERN mailbox use the Web based client, <a href="">Outlook Web Access</a> (OWA), or configure your email client to use <a href="">IMAPS or POPS</a> (IMAP/POP over SSL).</p> <p>If your Internet Service Provider restricts email access to TCP port 25/SMTP then you can configure your email client to use the CERN SMTP servers on TCP port 2525 (with TLS, authentication required).</p> <p>Configuration details for the CERN mail services are at <a href=""></a>.</p> <h4>Interactive Sessions</h4> <p>For an interactive session on Windows (NICE) use the <a href="">Windows Terminal Services</a>. Users would just need the <a href="">Windows Terminal Services client</a> (coming with most Windows distributions), the <a href="">Linux "Rdesktop" client</a> or the <a href="">MacOS Terminal Services client</a>, respectively.</p> <p>For an interactive Linux session use <a href="/recommendations/en/ssh.shtml">SSH</a> to connect to LXPLUS.</p> <p>The Terminal Servers and LXPLUS can also be used to access computers blocked by the CERN firewall, either by using the higher performance <a href="">Remote Desktop Gateway</a> service or by <a href="/recommendations/en/ssh_tunneling.shtml">tunneling through LXPLUS</a>. Note that Remote Desktop Service and SSH, respectively, must be enabled on the destination computer at CERN. <h4>Internal Web Servers, Journals & Licensed Software</h4> <p>For access to <i>internal</i> CERN Web servers, to journals and publications requiring a CERN IP address, or to other special applications installed on dedicated servers, use either the <a href="">Windows Terminal Services</a> or <a href="/recommendations/en/ssh_tunneling_x11.shtml">open a browser on LXPLUS</a>.</p> <p>For licensed software, you must first ensure that you have a valid licence to use the software from outside CERN. Licences for specialized tools and products (e.g. Mathematica) are not generally valid off-site. For the most common desktop products however (e.g. Microsoft Office) CERN has negotiated licence conditions which permit the installation of these products on either a laptop or a home PC as well as on the CERN desktop. For more details on software licensing, see <a href=""></a>.</p> <h4>File Exchange</h4> <p>The standard remote access is through <a href="">CERNbox</a>. For dedicated access to the NICE DFS file system, use <a href="">WebDAV</a> (Web Distributed Authoring and Versioning) which provides a Web interface to DFS files and folders (see <a href=""></a>). Alternatively, you can <a href="">transfer files to a Windows Terminal Services session</a>, e.g. by redirecting your local drive.</p> <p>Linux users are recommended to use AFS or to connect to LXPLUS and use <a href="/recommendations/en/ssh.shtml">SFTP.</a></p> <h4>Printing</h4> <p>You can access printers at CERN from the <a href="">Windows Terminal Services (WTS)</a> or the <a href="">LXPLUS Service</a>.</p> <h4>Other Applications</h4> <p>Many other applications can be tunneled inside <a href="/recommendations/en/ssh.shtml">SSH</a></b> from Windows, Linux and other platforms.</p> <p>In particular, users of <b>Virtual Network Computing (VNC)</b> are strongly recommended to <a href="/recommendations/en/ssh_tunneling_vnc.shtml">tunnel VNC inside SSH</a>. VNC exposes sessions in clear on the network and the passwords are crackable. Break-ins have occurred on systems running VNC. Similar software such as Radmin is used by intruders for unauthorised access.</p> <h4>Further Reading</h4> <p>Please find further details in an article on "Connecting to CERN from home" in the CERN Computing Newsletter <a href="">CNL 44/4 (2009/11/24)</a>.</p> </div> <!-- main ends --> <!-- SIDEBAR --> <!-- sidebar menu starts --> <div id="sidebar"> <h3>For All Users<br/> (Experts or Not)</h3> <ul class="sidemenu"> <li><a href="/recommendations/en/good_practises.shtml">Seven easy good practises</a></li> <li><a href="/recommendations/en/how_to_secure_your_pc.shtml">How to secure your PC or Mac</a></li> <li><a href="/recommendations/en/passwords.shtml">Passwords & toothbrushes</a></li> <li><a href="/recommendations/en/2FA.shtml">Starting with multi-factor authentication</a></li> <li><a href="/recommendations/en/bad_mails.shtml">Bad mails for you:<br/>"Phishing", "SPAM" & fraud</a></li> <li><a href="/recommendations/en/malicious_email.shtml">How to identify malicious e-mails and attachments</a></li> <li><a href="/recommendations/en/how_to_remove_malicious_browser_notifications.shtml">How to remove malicious browser notifications</a></li> <li><a href="/recommendations/en/working_remotely.shtml">Working remotely</a></li> <li><a href="/recommendations/en/connecting_to_cern.shtml">Connecting to CERN</a></li> <li><a href="/recommendations/en/ssh.shtml">Connecting using SSH</a></li> </ul> <h3>For Software Developers</h3> <ul class="sidemenu"> <li><a href="/rules/en/software-development.shtml">Security Checklist</a></li> <li><a href="/rules/en/containers.shtml">Securing Containers</a></li> <li><a href="/rules/en/web-applications.shtml">Securing Web Applications</a></li> <li><a href="/recommendations/en/password_alternatives.shtml">How to keep secrets secret<br/> (alternatives to passwords)</a></li> <li><a href="/recommendations/en/sast.shtml">Static Application Security Testing (SAST) tools</a></li> <li><a href="">GitLab CI Security Tools</a></li> <li><a href="">Developing secure software training</a></li> </ul> </div> <!-- sidebar menu ends --> <!-- content-wrap ends--> </div> <!-- footer starts --> <div id="footer-wrap"> <div id="footer-bottom"> © Copyright 2025<strong> <a href="">CERN Computer Security Office</a></strong> <table> <tr> <td id="footer-info-left"> e-mail: <a href=""></a><br/> Please use the following PGP key to encrypt your messages:<br/> ID: 0x954CE234B4C6ED84<br/> <a href="">429D 6046 0EBE 8006 B04C DF02 954C E234 B4C6 ED84</a> </td> <td id="footer-info-right"> Phone: +41 22 767 0500<br/> Please listen to the recorded instructions. </td> </tr> </table> </div> </div> <!-- footer ends--> </div> <!-- wrap ends here --> <!--img height=30px src="/home/en/CERNfooter_800.png"--> </body> </html>