Increasing vigilance

The Fermilab security team is looking even more closely at the laboratory’s computing systems to uncover vulnerabilities before they become problems. Photo: Andy Beatty

Scanning our networks for vulnerable systems is an important part of our cybersecurity defenses. (A vulnerability is a software defect that can be exploited by an outsider to cause your computing system to do things you don’t want it to do.) It is important that we find and fix any vulnerabilities before attackers do.

Vulnerability scans consist of two separate processes. The first is a set of continuous scans for critical vulnerabilities, those the security team deems highly likely to be exploited in the very near future. These deficiencies must be remedied immediately, and any new systems appearing on our network that are susceptible to these vulnerabilities need to be detected and blocked immediately to prevent infection.

The second process is a set of periodic, more thorough scans to look for a much broader set of defects. Anything discovered in these scans generates a Service Desk ticket requiring remediation but not an immediate block. Until now, we have performed these scans several times per year. However, with the constantly evolving threat landscape and with new systems constantly being brought on site and connected to our network, we find it prudent to increase our scan frequency.

Consequently, we recently upgraded our scanning systems to allow us to perform full scans of all laboratory systems each month so we can find potential problems even earlier.

What does this mean to you? First, you may detect more frequent scanning from our on-site systems. You should always be sensitive to outside probes or attempts to connect to your systems. In fact, several alert users have observed and reported this increased scan frequency and asked to make sure that it was the “good guys” doing this scanning and not an adversary. Stay vigilant, and continue to report via the Service Desk anything that appears unusual on your systems.

Next, you may see the creation of Service Desk tickets asking you to fix something on your computing systems. Please respond promptly to these requests, as our increased scanning frequency will quickly rediscover issues that have not been dealt with. Repeat “offenders” will have their systems blocked.

Finally, the owners of a small number of systems, such as some data acquisition systems, may find that the scans interfere with some real-time operations. In such cases, please inform the Fermilab security team via the Service Desk, and we will exempt your systems from the scans and implement other mechanisms to ensure secure operation.

Together with other tools in our arsenal, scanning helps minimize the disruptions that could occur from unauthorized or malicious use of our computing resources.

Irwin Gaines