
Requirement

Effective date: November 1, 2023

All Berkeley Lab computers running Microsoft Windows must have CrowdStrike installed.

The Windows operating system presents some unique risks due to inherent credential storage features. Windows requires additional controls to prevent abuse of these features; CrowdStrike is an effective control.

For more information and install instructions: CrowdStrike Falcon

Drivers

  • Windows-specific issues: The Windows operating system has some inherent and persistent issues that necessitate CrowdStrike as an additional control. It is beyond the scope of this document to describe them in detail, but at a high level: hashes of credentials are not stored in a safe manner and can be used to log in to other computers. This issue, combined with Windows being the most popular operating system, makes it a particularly lucrative target for attackers.

  • Environmental changes: The Internet continues to be extremely hostile; that's not new. What is new is that attacks have become more targeted and sophisticated. Attacks can cause more damage, with attackers focused on encrypting the contents of the computer and remote drives (ransomware) or stealing your data and using the threat of releasing the data for extortion.

  • Remote work: Our working habits have changed: post-pandemic, more computers are located offsite, with fewer network controls available to mitigate attacks. Antivirus provides some protection if the attacker tries to introduce malware, but attackers are increasingly using only native Windows features, an attack strategy known as "living off the land", that will not trigger antivirus. CrowdStrike will detect this sort of anomalous behavior.

Exceptions

Due to the non-invasive mechanisms used by CrowdStrike to monitor a system, we do not currently know of any use cases for exceptions to this policy. However, if you believe you have a case for an exception, please send details to [email protected] for consideration.

Help/Feedback

You can link to this page at https://go.lbl.gov/windowsrequirescrowdstrike

If you have questions or comments about this website, please contact Cyber Security via email at [email protected].

If you need general computer assistance, please contact the LBNL Help Desk at x4357, [email protected], or online at help.lbl.gov.


