Skip to end of metadata
Go to start of metadata

 

 

Blog Posts

 

Just show me.. Featured Posts  -  Latest Features

On Saturday, September 12, 2020, between 10 PM and 12 AM Sunday, IT will be performing an upgrade of the servers that handle Multi Factor Authentication (MFA) for the Lab.  

While we expect limited to no interruption to the MFA service during this period, there is a potential for outages lasting as long as 30 minutes.  If such an outage occurs, it may impact logging into services that require MFA, including the Lab's Web single sign-on service at login.lbl.gov, FMS, and IT's HPC clusters.  

During the upgrade period, users will not be able to create or modify existing tokens.  Should you use a Yubikey during this period to login and later experience problems, we recommend that you login to the MFA Management application at https://identity.lbl.gov/mfa and resync the affected token. 

If you experience any other issues with your MFA tokens or Yubikey, please contact the IT Help Desk at help@lbl.gov.

As of January 14, 2020 Microsoft stopped support of Windows Server 2008 and 2008 R2. Computers running Windows Server 2008 and 2008 R2 will no longer receive security patches. It is highly advised that all systems running Windows Server 2008 be upgraded immediately. 

As of September 15, 2020 all Windows 2008 servers will be blocked unless registered for an exception. For further information see Windows 7 and Server 2008 Disallowed. To avoid cyber blocking request an exception here.

For help procuring Windows Server 2019 licenses, contact licenses@lbl.gov.

Additionally, if you are using older hardware and need to retire it, you may want to consider migrating the system to IT’s Science Virtual Machine (SVM) hosting service. 

If you need help upgrading your server OS, or are interested in SVM, REQUEST HELP. 


The read-only issues with the Lab's Bitbucket repositories have been resolved as of 5:35PM, so repositories are writeable again.

The issues were first reported at 3:40PM (Pacific).

On Thursday, August 6 at 6PM, commons.lbl.gov, the Lab's Confluence server, was offline for about 3.5 hours during a maintenance window.

DHS has issued Emergency Directive 20-03 on this vulnerability which can be viewed here: https://cyber.dhs.gov/ed/20-03/. (Article quoted below for posterity)

Here is a description of the vulnerability:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350 (Article quoted below for posterity)

Please note that while the vulnerability only affects servers with DNS services, Cyber is required to report on the patch status today (July 20, 2020) and Thursday (July 23, 2020).

Please patch servers immediately by installing Windows Updates.



If you are not able to patch for some reason, e.g. Windows Server 2012 without ESU, then you can apply the workaround described here. 


https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability


Article Quotes for Posterity

DHS Emergency Directive 20-03


July 16, 2020


Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday


This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 20-03, “Mitigate Windows DNS Server Remote Code Execution Vulnerability from July 2020 Patch Tuesday”. Additionally, see CISA’s blog post.


Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to the information security of an agency, to “issue an emergency directive to the head of an agency to take any lawful action with respect to the operation of the information system, including such systems used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information, for the purpose of protecting the information system from, or mitigating, an information security threat.” 44 U.S.C. § 3553(h)(1)–(2)


Section 2205(3) of the Homeland Security Act of 2002, as amended, delegates this authority to the Director of the Cybersecurity and Infrastructure Security Agency. 6 U.S.C. § 655(3).


Federal agencies are required to comply with these directives. 44 U.S.C. § 3554 (a)(1)(B)(v)


These directives do not apply to statutorily-defined “national security systems” nor to systems operated by the Department of Defense or the Intelligence Community. 44 U.S.C. § 3553(d), (e)(2), (e)(3), (h)(1)(B).


Background


On July 14, 2020, Microsoft released a software update to mitigate a critical vulnerability in Windows Server operating systems CVE-2020-1350. A remote code execution vulnerability exists in how Windows Server is configured to run the Domain Name System (DNS) Server role. If exploited, the vulnerability could allow an attacker to run arbitrary code in the context of the Local System Account. To exploit the vulnerability, an unauthenticated attacker sends malicious requests to a Windows DNS server.


The Cybersecurity and Infrastructure Security Agency (CISA) is unaware of active exploitation of this vulnerability, but assesses that the underlying vulnerabilities can be quickly reverse engineered from a publicly available patch. Aside from removing affected endpoints from the network, there are two known technical mitigations to this vulnerability:


    1. a software update, and
    2. a registry modification.


CISA has determined that this vulnerability poses unacceptable significant risk to the Federal Civilian Executive Branch and requires an immediate and emergency action. This determination is based on the likelihood of the vulnerability being exploited, the widespread use of the affected software across the Federal enterprise, the high potential for a compromise of agency information systems, and the grave impact of a successful compromise.


CISA requires that agencies apply the security update to all endpoints running Windows Server operating system as soon as possible. A registry modification workaround can help protect an affected Windows DNS server temporarily (until an update can be applied), and it can be implemented without requiring a restart of the server. The registry modification workaround will cause DNS servers to drop response packets that exceed the recommended value without error, and it is possible that some queries may not be answered. The registry modification workaround is compatible with the security update but should be removed once the update is applied to prevent potential future impact that could result from running a nonstandard configuration.


Required Actions


This emergency directive requires the following actions:


    1. Update all endpoints running Windows Server operating systems.

      a. By 2:00 pm EDT, Friday, July 17, 2020, ensure the July 2020 Security Update or registry modification workaround is applied to all Windows Servers running the DNS role.

      b. By 2:00 pm EDT, Friday, July 24, 2020, ensure the July 2020 Security Update is applied to all Windows Servers and, if necessary and applicable, the registry change workaround is removed.

      c. By 2:00 pm EDT, Friday, July 24, 2020, ensure technical and/or management controls are in place to ensure newly provisioned or previously disconnected servers are updated before connecting to agency networks.


CISA recommends agencies focus on updating Windows Servers running the DNS role first.


These requirements apply to Windows Servers in any information system, including information systems used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information.


In instances where servers cannot be updated within 7 business days, CISA advises agencies to consider removing them from their networks.


    1. Report information to CISA

      a. By 2:00 pm EST, Monday, July 20, 2020, submit an initial status report using the provided template. This report will include estimated status information related to the agency’s current status and will identify constraints, support needs, and observed challenges.

      b. By 2:00 pm EST, Friday, July 24, 2020, submit a completion report using the provided template. Department-level Chief Information Officers (CIOs) or equivalents must submit completion reports attesting to CISA that the applicable update has been applied to all affected endpoints and providing assurance that newly provisioned or previously disconnected servers will be patched as required by this directive prior to network connection (per Action 1).


CISA Actions


    • CISA will continue to monitor and work with our partners to identify whether this vulnerability is actively being exploited.
    • CISA will provide additional guidance to agencies via the CISA website, through an emergency directive issuance coordination call, and through individual engagements upon request (via CyberDirectives@cisa.dhs.gov).
    • Beginning August 13, 2020, the CISA Director will engage the CIOs and/or Senior Agency Officials for Risk Management (SAORM) of agencies that have not completed required actions, as appropriate and based on a risk-based approach.
    • By September 3, 2020, CISA will provide a report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) identifying cross-agency status and outstanding issues.


Duration


This emergency directive remains in effect until all agencies have applied the July 2020 Security Update or the directive is terminated through other appropriate action.


Microsoft CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability

Security Vulnerability

Published: 07/14/2020 | Last Updated : 07/15/2020
MITRE CVE-2020-1350

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

The update addresses the vulnerability by modifying how Windows DNS servers handle requests.



As of January 14, 2020 Microsoft stopped support of Windows 7. Computers running Windows 7 will no longer receive security patches. Most machines are able to upgrade to Windows 10, see Windows 7 End of Life and Upgrade to Windows 10. If you are running legacy software or have computers attached to scientific equipment that only work with Windows 7, you must register it with IT or risk being blocked from the network. Windows 7 computers which have not been registered on the Windows 7 Exception Request Form will be blocked after June 30, 2020.


Related links:

On March 12, 2020 Microsoft released a warning to immediately update and reboot Windows systems due to a Microsoft SMBv3 Client/Server Remote Code Execution Vulnerability. Users are advised this is an extremely dangerous vulnerability and MUST be addressed right away.

Users should know that if their systems are not patched appropriately and an attack is launched against this vulnerability, LBNL will temporarily block computers. If this occurs, users will be unable to remote access their computers which could impact users ability to telecommute. IT strongly advises all users to apply patches immediately and REBOOT.

Any questions or concerns can be directed to security@lbl.gov.

Thanks to Windows Server Update Service (WSUS), Windows Reboot Reminders, and BigFix, IT User Support is able to identify vulnerable software running on LBL systems. If you wish to receive proactive communications regarding the health of your computer, you can Download BigFix and install it. If you have further questions about BigFix, please Request Help.

Reminder: always keep your operating system up to date, your applications patched, and your system rebooted at least once a week! Follow IT Best Practices to ensure computer health.

RELATED ARTICLES

Berkeley Lab IT has released Microsoft’s latest updates for Windows 10, which contains patches for multiple critical security vulnerabilities. One of these, CVE-2020-0601, has been identified by the Cyber Security group as a mandatory update. As such, all Windows 10 systems at the Lab MUST be updated, and may be blocked from the network if they are out of compliance.

Most systems have already been updated using the recommended Windows Update settings, but there are still many systems which remain vulnerable.  To address these remaining vulnerable systems, Berkeley Lab IT is using BigFix to ensure patches are updated:

  • If you get a Reboot Reminder from BigFix, it means that Windows is attempting to install updates, and needs to be restarted to complete the process. Your system will remain vulnerable until the reboot is completed.

  • For systems that are not getting automatically updated, BigFix will prompt you to install the updates directly from our BigFix server. If you get a BigFix patch notification, you will need to take recommended actions in order to protect your system. BigFix will reboot your system upon completion.

Please note that systems which are enrolled in BigFix Passive Management Mode will not be patched or rebooted by BigFix, and users are responsible for installing required updates by running Windows Update.  For information regarding Windows Update, see Microsoft’s site, Update Windows 10.

Thanks to Windows Server Update Service (WSUS), Windows Reboot Reminders, and BigFix, IT User Support is able to identify vulnerable software running on LBL systems. If you wish to receive proactive communications regarding the health of your computer, you can Download BigFix and install it. If you have further questions about BigFix, please Request Help.

Reminder: always keep your operating system up to date, your applications patched, and your system rebooted at least once a week! Follow IT Best Practices to ensure computer health.



Update Firefox Now!

Just as your operating systems need to be patched, so do your browsers. Mozilla recently disclosed a critical vulnerability in Firefox, and advises all users to patch it immediately:

If Firefox is configured to update automatically, patching is as simple as restarting your browser. Users should verify they are running at least version 72.0.1. For your reference Mozilla provides instructions for updating and verification here

Thanks to BigFix, IT User Support is able to identify vulnerable software running on LBL systems. If you wish to receive proactive communications regarding the health of your computer, you can Download BigFix and install it. If you have further questions about BigFix, please Request Help.

Lastly, users should follow IT Best Practices to ensure computer health.

IT Workstation Support has catalogued the recent issues users have encountered when upgrading their system to the latest macOS Catalina. They are:

  • 32-bit applications will not run on Catalina, see table below

Top 10 32-bit Applications in-use

Name

Quantity

Cisco VPN

277

Microsoft Word, what version?

163

Microsoft Excel, what version?

116

Microsoft Powerpoint, what version?

93

Identity Finder

79

mdworker32 (Office365 process)

65

Adobe Acrobat XI Pro (This software is out of compliance and must be upgraded to the subscription version, see Adobe Acrobat Pro DC)

64

Carbonite (This software is no longer the Lab’s enterprise backup software, see Druva inSync)

29

Adobe Application Manager

28

TextWrangler

28

  • Applications will request proper permissions to run

Application

Solution

Chrome Attachments

  1. Open System Preferences > Security & Privacy > Full Disk Access 

  2. Add Chrome

Chrome Remote Desktop

https://support.google.com/chrome/thread/16263096?hl=en

DisplayLink

Download and install latest driver (beta release), https://www.displaylink.com/downloads/macos

Druva inSync

  1. Open System Preferences > Security & Privacy > Full Disk Access 

  2. Add Druva inSync

Sophos

https://community.sophos.com/kb/en-us/134552#How%20to%20correct%20issues

Toshiba copiers fail to print with a “filter failed” error message

  1. Remove print object

  2. Download latest Toshiba drivers

  3. Right-click and install new Toshiba drivers, this will install in an elevated privileged mode

Zoom

On Mac OS 10.15 Catalina, you need to allow Zoom access to Screen Recording to share your screen. 

  1. Open System Preferences > Security & Privacy > Privacy > Screen Recording

  2. Check the option for zoom.us


As with any major operating system upgrade, users should always do the following:

  1. Perform a hardware assessment and check for compatibility

    1. Mac compatibility list - see https://support.apple.com/en-us/HT210222

    2. User must check with the hardware vendor for any external equipment

  2. Perform a software assessment and check for compatibility - users can check https://roaringapps.com/ for software compatibility

  3. Ensure you have all software licensing information if you need to reinstall software

  4. Perform a data assessment and backup all data

  5. Perform upgrade in place or from scratch

If you upgrade to macOS Catalina and something stops working, contact IT User Support at x4357 or email to help@@lbl.gov and we will be glad to help.

December 9th, the beginning of MFA enforcement for all staff, affiliates, and contractors is quickly approaching.


All LBL users must activate MFA for their Berkeley Lab enterprise accounts by this date, or risk losing access to email, LETS, and all other services protected by their Berkeley Lab Identity.


Visit go.lbl.gov/mfa to get started today.

As of Oct 17, 2019 Workstation Support is under guidance from LBL cybersecurity to remove CCleaner from all Lab systems.

Computers that have BigFix (Active Mode) installed will have a pop-up appear informing the user of the action and provide a button to click for easy uninstallation.

We are looking at other options to handle the functions that CCleaner provides, but in the short term, we need to remove it from all Lab systems. Workstation Support will be removing CCleaner beginning Friday, Nov 1, 2019.

Additionally, the free version of CCleaner cannot legally be installed on Laboratory computers.

CCleaner can be removed either via BigFix or via the Windows standard "Add and Remove" programs menu.

If you don't have BigFix installed on your system please see our IT Software Download Page at https://software.lbl.gov/.

If you need help removing CCleaner please contact the Help Desk at xHELP (x4357).

image.png


The LBL Indico instance (https://conferences.lbl.gov) was upgraded from v1.2 to v2.22 which provides a new interface and features in addition to bug fixes after being inaccessible from 10AM-2PM on Friday, September 27, 2019.

You can now log into Indico with your Berkeley Lab Identity credentials using single sign-on (SSO). The first time you login, you may notice a message letting you know it is the first time you have used this form of authentication to login.

This and other changes are highlighted in the Commons page here: https://commons.lbl.gov/x/FgGoCg

Just a reminder that on June 1, 2019, Malwarebytes was no longer being offered by Berkeley Lab IT.  Existing clients will continue to function, but will not receive updates. IT recommends that users uninstall Malwarebytes. This can be done manually, or users can wait until they see a BigFix Offer from IT, which will remove the application automatically. For further information, refer to our Malwarebytes FAQ site.

Berkeley Lab computers are constantly under attack, but what should we, as users, do to protect ourselves and our systems? According to research conducted by Google, users and security experts often have different ideas as to what the best steps are to be taken.

To make it easier, Berkeley Lab IT has developed a series of IT Best Practices that all staff should follow when using Lab computers. These best practices address the most important security recommendations, data protection, and performance optimization.

IT Best Practices include:

  1. Install BigFix on ALL computers. BigFix is used to help keep your operating system and common applications up to date. There is even a Passive mode that you can use if don’t want any updates done automatically. 

  2. To make sure that updates are installed, it is also essential that you REBOOT your computer regularly! BigFix will also tell you when your system needs a reboot.

  3. Use LastPass, a password manager which IT provides for free. LastPass makes it easy to make sure you always use strong, unique passwords.

  4. Enroll in the Lab’s Multi Factor Authentication (MFA) system. With MFA enabled, an attacker who knows your Lab password still won’t be able to log in.

  5. Familiarize yourself with the IT FAQ and Cyber Security websites. These sites are updated regularly with important information for users.

  6. Install Sophos on all workstations. Sophos is provided for free by Berkeley Lab IT.

  7. Use Druva inSync to backup your workstation data, $51/yr for up to 10 computers

  8. Use VPN when on public networks (including LBL’s Visitor Wireless) or on travel. It is a good idea to use VPN whenever possible while offsite.

  9. Clean up your computer

  10. Use Google Drive / Google Shared Drive / Google File Stream to store important or shared files.

Services:

Business Systems

Cyber Security

Networking

Research Services

Workstation Support

Latest News

  1. Prev
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. 6
  8. 7
  9. 8
  10. 9
  11. 10
  12. 11
  13. 12
  14. 13
  15. 14
  16. 15
  17. 16
  18. 17
  19. 18
  20. 19
  21. 20
  22. 21
  23. 22
  24. 23
  25. 24
  26. 25
  27. 26
  28. 27
  29. 28
  30. 29
  31. 30
  32. 31
  33. 32
  34. 33
  35. 34
  36. 35
  37. 36
  38. 37
  39. 38
  40. 39
  41. 40
  42. 41
  43. 42
  44. 43
  45. 44
  46. 45
  47. 46
  48. 47
  49. 48
  50. 49
  51. 50
  52. 51
  53. 52
  54. 53
  55. 54
  56. Next

Latest Features

Posted by Kryshna (Krys) Avina
Posted by Charles (Charlie) Verboom
Posted by Charles (Charlie) Verboom
  1. Prev
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. 6
  8. 7
  9. 8
  10. 9
  11. 10
  12. Next

Upcoming Events: