Issues of computer security are ever-present for anyone with a computer, and Director Michael Witherell has designed Tuesday, March 8 at as Computer Security Awareness Day throughout the lab. A day-long series of brown bag seminars will be offered in WH1W and Curia II, including required courses and talks on related topics.

There are now three levels of training and testing for computer security, with these required courses: Security Essentials for Fermilab System Administrators; Security Essentials for Desktop System Administrators; and Basic Computer Security. All lab computer users must take one of these three courses, depending on the scope of your responsibilities.

Computers are a necessary thing at Fermilab - especially for this group of scientists who are spotting the first neutrinos in the MINOS detector. (Click on image for larger version.

The brown bag seminars will include talks on Basics of Grid Computing; Security and the Grid; Fundamentals of Using Kerberos; Dangers of Spyware and Phishing; The Fermilab Network and You, and What Happens in a Computer Security Incident. In addition, there will be kiosks in the Wilson Hall Atrium staffed by computing security experts who can answer your questions about security issues.

All lab computer users must take either Security Essentials for Fermilab System Administrators, or Security Essentials for Desktop System Administrators, or Basic Computer Security. To determine which course is appropriate for you, consider the following questions (which are also answered by supervisors on ITNA questionnaires):

1. If you are the primary system manager of three or more systems, any critical system, any central server, or systems with multiple operating systems, you need to take the Security Essentials for Fermilab System Administrator course. Note that if you assist in system management for a desktop system, but someone else is the primary system manager responsible for updating software and installing patches, then you are not the primary admin. Mere knowledge of a root password or possession of administrative privilege does not mean you are the primary sys admin.
2. If you are the primary system manager for any system, including a laptop or desktop, you need to take a new course called Security Essentials for Desktop System Administrators. This course is less technical than the Fermilab System Administrator course.
3. All other lab computer users who do not fall into the above two categories need to take the Basic Computer Security course (designed for general computer users).

Computer Security is not simply a set of rigid rules which are to be memorized any applied unthinkingly. Rather, it is an attitude consisting of general principles that, when applied appropriately, allows you to deduce the correct behavior even in new and unforeseen circumstances. This flexibility and agility is an important part of our security strategy, which requires us to be able to respond quickly to rapidly changing threat environments, with the lab computing complex under virtually constant attack from the outside internet.

These general principles are summarized in the lab Policy on Computing, which should allow you to determine the correct responses to the test questions even if they are not explicitly discussed in the policy. Taking the test itself is an important part of the security training. You will be notified of any incorrect answers at the completion of the test and given the reasons why the desired answer is the correct one.

-Mike Perricone