Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security ISO / OHSAS Registration Photo of the Week E. Lessard Collider-Accelerator Department 5-10-11 Take 5 for Safety.

Similar presentations


Presentation on theme: "Computer Security ISO / OHSAS Registration Photo of the Week E. Lessard Collider-Accelerator Department 5-10-11 Take 5 for Safety."— Presentation transcript:

1 Computer Security ISO / OHSAS Registration Photo of the Week E. Lessard Collider-Accelerator Department Take 5 for Safety

2 C-AD Computer Event Malware discovered on April 26, 2011 while installing firewall on.31 subnet; this subnet used by Access Controls Group to talk to the safety system The event involved discovery of a computer on.31 subnet with malware on it that was communicating with a computer in the Ukraine The Ukraine computer was sending back messages Isolated means the system was on C-ADs Access Control List (ACL) and isolation is controlled by the C-AD network group Summer of 2010, CADs network group learned the.31 subnet was not isolated; had to wait until April 26, 2011 to begin to fix Trail shows malware appeared December 10, 2010 on a Human Machine Interface computer in 1004a Trail shows infection came from a Kingston Data Traveler USB flash drive; this virus is not transmitted via internet On April 27, 2011, 1004a computer was disconnected from network On April 28, 2011,.31 subnet isolated – no impact on safety system On April 29, 2011, three more objects on the.31 subnet found with malware 2

3 Computer Security BNL computer security policy is defense in depth Most secure systems are those not connected to the internet and shielded from any interference (not the real world) On defenses, computer security experts have learned that several low hurdles do not make a high hurdle Computer security experts indicate there is no such thing as secure coding practices Code can be disguised as data Computer malware can be used for sabotage (e.g., Irans uranium centrifuges), not just theft Software defenses Trend antivirus and spyware detection software; checks flash drives automatically Access control lists (ACLs); quick fix but known to have flaws - The owner of the object or the system owner decides who has access Encryption during transmission Hardware defenses Physically isolated from network connections and routing services Secure operating systems used by DoD and DOE for classified data (unique microprocessor, memory management and program that controls all other programs) 3

4 ISO and OHSAS Registration Audit for OSH/E Programs May 31 through June 3, NSF International auditors on- site for annual OSH/E management system registration audit New approach this year; interviews with scientists and users Interviews at C-AD set up by Tracy Blydenburgh ERL, EBIS and NSRL Afternoon of Wednesday, June 1, 2011 OSH/E refresher training for C-AD workers set up for Tuesdays and Thursdays, weeks of May 16 and May 30, 2011 Snyder, 11:15 am to noon 4

5 Photo of the Week - Safety Shortcut Extension ladder has no rope and pulley making it difficult to move this ladder Probably why barrel- ladder-stair approach was used Safety shortcuts are usually caused by time pressure Not worth risking your health to gain a few minutes 5


Download ppt "Computer Security ISO / OHSAS Registration Photo of the Week E. Lessard Collider-Accelerator Department 5-10-11 Take 5 for Safety."

Similar presentations


Ads by Google