You are here: Home PIK Members Dietmar Gibietz Security Standards and System Compliance

Security Standards and System Compliance

For scientific work today, the data access and communication services provided by computer networks are essential. However, computers attached to a network – particularly the worldwide Internet – are exposed to a wide range of security threats. Providing network services is a balancing act between open access and security. With a focus on operating the PIK computer network in a secure manner, and for protecting the user's valuable data, the IT-Services Team provides in-depth security and expert knowledge across all system platforms at PIK.

RELIABILITY AND SECURITY

Security is an important aspect of a reliable computer configuration, and is also an integral part of systems management throughout the life cycle of the machines at PIK.

SECURITY AUDITS AND IN-DEPTH SECURITY

Malware programs, such as viruses, worms and backdoors, are a major threat to software reliability. Thus, all PIK Windows systems (which are in particular threatened by malware) are equipped with a managed antivirus solution. In addition, the workstation computers are equipped with managed desktop firewalls. During the last years, these layers of protection have blocked a considerable number of virus attacks (several thousands per month), while there has not been any incident of a malware spread at PIK.

CRITICAL SYSTEM UPDATES / HOTFIXES

DC-IT has developed custom processes for detecting vulnerabilities and automatically deploying critical updates. The patch deployment process uses a prioritisation which takes into account several factors, such as OS-type (Windows, Linux etc), and exposition to threats (desktop or mobile computers). In emergency situations like 0-day exploits, critical updates can efficiently be deployed from the system manager's desktop to the client computers.

 

USER TRAINING AND HELP DESK

• Implementation of secure communications – encryption and tunnelling, for instance – using tools such as SSH,

• Guidance to using mobile computers which are connected to public networks (WLANs, external ISPs) in a secure manner,

• Support for solving all kinds of issues related to secure internet communication, such as handling specific mail attachments or using external networks.

REFERENCES

• An Analysis of UNIX System Configuration, by Rémy Evard (Argonne National Laboratory), http://www.usenix.org/publications/library/proceedings/lisa97/full_papers/20.evard/20_html/main.html

• User Guide for Virus Protection of Windows Computers at PIK, by Dietmar Gibietz-Rheinbay (PIK), http://www.pik-potsdam.de/institute/organization/itservices/user_guides/security/antivirus_microsoft

Document Actions