Page tree
Viewable by the world
Skip to end of metadata
Go to start of metadata

    Keep Your Software Up to Date

    Operating system and third party software periodically update for security and enhancement reasons. Some updates may require a reboot of the system so remember to save and close any open files to protect your data.

    BigFix can help you monitor and/or patch your computers. Use this tool to not only report potential system issues, but keep your system patched. Further information can be found on our Patch Management page.

    Install BigFix

    BigFix is a widely adopted cross-platform endpoint management system utilized by private companies, government agencies, and academia. BigFix has a Patch Management module which can identify systems with applications that are out of date and allow system managers to take action to install patches and remediate issues. Berkeley Lab IT has adopted two modes of BigFix, one active the other passive. The Active Mode is recommended for most systems at the Lab, including laptops, desktops, and shared workstations. The Passive Mode is used primarily for monitoring and reporting on system status, software licensing, and asset management. BigFix can be downloaded from the Software Store.

    Lastly, BigFix can help automate and manage your asset inventory. Berkeley Lab Property Management and IT have piloted a program to certify the existence of a DOE tagged asset. Any DOE-barcoded system running BigFix and present on the LBL network can be automatically verified for inventory purposes, without the barcode being scanned, see Help IT Automate Your Asset Inventory.

    Install Sophos

    LBNL Cyber Security has defined the Minimum Security Requirements and all computers connected to the Berkeley Lab network must meet these requirements. One requirement is the installation of an antivirus software with automatic updates. Berkeley Lab IT has adopted Sophos as the enterprise solution. Sophos can be downloaded from the Software Store.

    Use the Lab's VPN

    When working off-site, always utilize Berkeley Lab's VPN. A Virtual Private Network is an encrypted connection over the Internet from your device to a network. Essentially when running VPN, your computer is on Berkeley Lab's secure network and enables you access to restricted resources such as FMS. Cisco VPN software can be downloaded from the Software Store

    Use Multi-Factor Authentication (MFA)

    Utilizing a two factor authentication process helps protect your online accounts and access to your resources. Berkeley Lab IT recommends everyone adopt MFA. Further details can be found on the  MFA page.

    Reboot Your Computer

    You should reboot your computer at least once a week. This will ensure that all software updates are downloaded and installed in a system. This is one of the single most important things you can do to keep your system healthy.

    Cleanup Files on your Machine

    Low disk space can lead to poor system performance and problems with file integrity. You will want to clear browser cache/cookies and remove unnecessary data/software. Remember you have unlimited disk space on Google.

    Third party software tools claim they can help with system clean up. Do not install CCleaner on Lab computers.

    Backup Data

    Your data is important so don't wait for that disaster. Be proactive and obtain a backup solution that meets your needs. Berkeley Lab IT offers Druva inSync as the enterprise backup tool, which can be purchased from the Software Store.

    Google Drive / Team Drive

    Storing your data on a network resource is another option to protect your data. Berkeley Lab IT has both Google Drive and Google Team Drives to store your unlimited data. 

    Ensure you are designated as the custodian of your computing devices. Property Management guidelines are described hereAs the custodian of your computer, you are required to follow all cyber security requirements and protect your computer from loss or theft. If lost or stolen follow Instructions for Reporting Lost, Damaged, Destroyed or Stolen IT Assets.

    Hostname Naming Conventions

    In order to more easily identify the point of contact for desktop and laptop systems at the Lab, particularly when a cyber security event has been detected and the owner has to be notified, a naming convention for the computer's hostname is being used for standard deployments. Lab staff who do not utilize IT for workstation support should consider adopting the standard themselves.

    Physical machine

    The standard format is as follows: (LDAP username)-(OS Identifier)(last two digits of the DOE number located on the machine)

    Example: cwnelson-x44 or cwnelson-w39

    Virtual machine (VM)

    • Use the standard format for a Physical Machine, but prefix the OS Identifier with the letter 'v'
    • Use the last two digits of the host's DOE number (this is the computer that the VM will be running on)

    Example: cwnelson-vt44 for a Windows 10 VM running on a host with the DOE number ending in 44

    The current convention allows for for 1 VM of each type of OS on a given workstation.

    Operating System identifiers

    Windows ME I Millenium
    Windows NT N NT
    Windows 2000 K 2K
    Windows XP X XP
    Windows Vista V Vista
    Windows 7 S Seven
    Windows 8 or Windows 8.1 E Eight
    Windows 10 T Ten
    Mac OS X M Mac
    CentOS C CentOS
    Ubuntu U Ubuntu
    Scientific Linux F Scientific
    Red Hat Linux Family R RHEL
    Other Linux Family L Linux
    BSD Unix Family (FreeBSD) B Berkeley
    Other Unix N Unix
    Virtual Machine Va Virtual where a denotes the OS Version, i.e. VT is a virtual Windows 10 system