TABLE OF CONTENTS
| Table of Contents | |
|---|---|
|
...
|
...
Security and Maintenance Practices
Keep Your System Patched
Security Experts Recommend
Cyber Security recommends IT best practices to ensure the optimum security posture to protect your computing environment and your data. The diagram below demonstrates what users think is important to protect their computer, but cyber security experts state otherwise. Berkeley Lab IT recommends users adopt the following IT Best Practices.
The IT User Support Department would like to add additional best practices to the experts list.
Keep Your Software Up to Date
Keeping your system and third party software up-to-date is the number one thing you can do to protect your system. Some Operating system and third party software periodically update for security and enhancement reasons. Some software packages have update managers to help remind you that software updates are available. Don’t wait, take the time to install those updates. Please note that some updates may require a reboot of the system so remember to save and close any open files to protect your data.
BigFix (https://commons.lbl.gov/display/itfaq/BigFix) can help you monitor and/or patch your computers. Use this tool to not only report potential system issues, but keep your system patched. Further information can be found on our Patch Management FAQ (https://commons.lbl.gov/display/itfaq/Patch+Management+Services).
Reboot Your Computer
You should reboot your computer at least once a week if you can. This can help ensure that all software updates are downloaded, installed and registered in a system. This is one of the single most important things you can do to help keep your system healthy.
Install BigFix
- Keep Windows system up to date
- Keep Apple system up to date
- Keep Google Chrome up to date
- Keep Mozilla Firefox up to date
- Keep Zoom up to date
Before doing updates, it is recommended you make a backup of your computer. Berkeley Lab IT offers Druva inSync for backup solution.
Install BigFix
BigFix Information BigFix is a widely adopted cross-platform endpoint management system utilized by private companies, government agencies, and academia. BigFix has a Patch Management module which can identify systems with applications that are out of date and allow system managers to take action to install patches and remediate issues. Berkeley Lab IT has adopted two modes of BigFix, one active the other passive. , Active and Passive BigFix. BigFix can be downloaded from the Software Store.
- The Active Mode
...
- is recommended for most systems at the Lab, including laptops, desktops, and shared workstations.
The Passive
...
Mode is used primarily for monitoring and reporting on system status, software licensing, and asset management.
...
Lastly, BigFix can help automate and manage your asset inventory. Berkeley Lab Property Management and IT have piloted a program to certify the existence of a DOE tagged asset. Any Any DOE-barcoded system running BigFix and present on the LBL network can be automatically verified for inventory purposes, without the barcode being scanned, see see Help IT Automate Your Asset Inventory.
Install Sophos
| Tip |
|---|
BigFix can help you monitor and/or patch your computers. Use this tool to not only report potential system issues, but keep your system patched. Further information can be found on our Patch Management page. |
Reboot Your Computer
You should REBOOT your computer at least once a month. For Windows users, this reboot may occur a bit more often depending upon Windows Updates. Rebooting will ensure that all software updates are downloaded and installed in a system. This is one of the single most important things you can do to keep your system healthy.
Password Best Practices
As recommended by cyber security experts using unique and strong passwords can increase your security posture.
Generating, remembering and maintaining unique passwords is challenging and nearly impossible. As the number of mandatory passwords, password length, and password complexity increases, it becomes harder to remember them without relying on risky alternatives such as writing passwords down or reusing passwords for more than one application. Utilizing the same password across several websites will make you vulnerable if one site is compromised, all can get compromised.
LBNL Cyber Security has defined the Minimum Security Requirements and all computers connected to the Berkeley Lab network must meet these requirements. One requirement is the installation of an antivirus software with automatic updates. Berkeley Lab IT has adopted Sophos as the enterprise solution. Sophos can be downloaded from the Software Store.LastPass, a password manager, helps ensure that your passwords are maintained in a safe, encrypted vault and makes it easier for users to protect their online identities by using hard to crack passwords. Berkeley Lab has provided LastPass free of charge to Lab employees.
Use Multi-Factor Authentication (MFA)
Utilizing at least a two factor authentication factor authentication process helps protect your online accounts and access to your resources. Berkeley Lab IT recommends everyone adopt MFA to provide you that extra layer of defense. Further details can be found on the IT FAQ MFA site.
Clean Up Your Files
Low disk space can lead to poor system performance and problems with file integrity. Please take the time to clear out any caches, delete data in your downloads folder or temporary folders, and remove any unnecessary data. Remember you have unlimited disk space on Google, use that disk space to your advantage. System maintenance suggestions from Microsoft and MacWorld:
Windows - Tips to Free Up Drive Space on Your PC (http://windows.microsoft.com/en-us/windows-8/free-up-disk-space)
Mac - Seven Ways to Free Up Drive Space (http://www.macworld.com/article/1165698/macs/seven-ways-to-free-up-drive-space.html)
There are third party software tools that claim they can help with system clean up. Do not install CCleaner on Lab computers, see CCleaner Hacked (https://commons.lbl.gov/display/itdivision/2017/10/12/CCleaner+Hacked).
Clear Your Browser Cache
When your browser performance becomes erratic or sluggish think about clearing the cache, see "To Clear or Not to Clear Browser Cache".
Data Protection
the MFA page.
Install CrowdStrike / Anti-virus Software
LBNL Cyber Security has defined the Minimum Security Requirements and all computers connected to the Berkeley Lab network must meet these requirements. One requirement is the installation of an antivirus software with automatic updates. Berkeley Lab IT has adopted CrowdStrike as the enterprise solution. CrowdStrike can be downloaded from the Software Store and see CrowdStrike Information page for more information and installation instructions.
Backup
...
Data
Your data is important so don't wait for that disaster. Be proactive and obtain a backup solution that meets your needs. Berkeley Lab IT has adopted offers Druva inSync as as the enterprise backup tool. Druva inSync , which can be purchased from the the Software Store.
Google Drive / Team Drive
Storing your data on a network resource is another option to protect your data. Berkeley Lab IT has adopted both Google Drive and Google Team Drives to store your unlimited data.
Software Store
Berkeley Lab IT has provided a repository of software from https://software.lbl.gov. Both free and software for purchase can be found on this site. If you are unable to find your software, a request to l[email protected] can be submitted. Berkeley Lab IT can also provide access to iOS applications via Apple's Volume Purchase Program (VPP), see Mobile App iOS Purchases.
...
Use the Lab's VPN
When working off-site, always utilize Berkeley Lab's VPN (virtual private network). A virtual private network Virtual Private Network is an encrypted connection over the Internet from your device to a network. Essentially when running VPN, your computer is on Berkeley Lab's secure network and enables you access to restricted resources such as FMS. Cisco VPN software can be downloaded from the Software Store.
...
.
Cleanup Files on your Machine
Low disk space can lead to reduced system performance, problems with file integrity and sometimes the inability to download current operating system and application updates. It is optimal to periodically clear browser cache/cookies and remove unnecessary data/software from your system. Remember you have unlimited disk space on Google.
Third party software tools claim they can help with system clean up. Do not install CCleaner on Lab computers.
Google Drive/ Google File Stream / Google Shared Drive
Storing your data on a network resource is another option to protect your data. Berkeley Lab IT has both Google Drive and Google Shared Drive to store your unlimited data. For more information from Google see Enterprise-ready tools for Google Drive.
Asset Management
Ensure you are designated as the custodian of your of your computing devices. Property Management guidelines are described here. As the custodian of your computer, you are required to follow all cyber security requirements and protect your computer from loss or theft. If lost or stolen, follow Instructions for Reporting Lost, Damaged, Destroyed or Stolen IT Assets.
Hostname Naming Conventions
In order to more easily identify the point of contact for desktop and laptop systems at the Lab, particularly when a cyber security event has been detected and the owner has to be notified, a naming convention for the computer's hostname is being used for standard deployments. Lab staff who do not utilize IT for workstation support should consider adopting the standard themselves.
Physical machine
The standard format is as follows: (LDAP username)-(OS Identifier)(last two digits of the DOE number located on the machine)
Example: cwnelson-x44 or cwnelson-w39
Virtual machine (VM)
- Use the standard format for a Physical Machine, but prefix the OS Identifier with the letter 'v'
- Use the last two digits of the host's DOE number (this is the computer that the VM will be running on)
Example: cwnelson-vt44 for a Windows 10 VM running on a host with the DOE number ending in 44
The current convention allows for for 1 VM of each type of OS on a given workstation.
Operating System identifiers
...
Help
Help in any of these areas can be obtained from the Help Desk or through a help ticket by clicking REQUEST HELP.
