BNL Home

Computing Services

Individual Computer Scanning
To run a Nessus scan on your system or get existing Nessus Scan data go to

General Desktop Support
Please contact:  or  (631) 344-5522

Cybersecurity Requirements
The following information contains links viewable only from BNL's internal network. You should review this information once you are on site.

For additional requirements and procedures such as, Logon Banner, Antivirus software, and Computer Patching please visit "Connecting to the BNL Network - Getting Started", , BNL's Information and Technology Division (ITD) home page, or

DOE's Office of Independent Oversight requires proper patch levels on all computer systems onsite. To review this subject matter please go to:

Internal Nessus Scanning - Nessus scans are run quarterly to identify vulnerabilities in all systems on the BNL network. As Nessus scanning has at times caused problems with computers being scanned, a Nessus scanning exemption list has been created that allows departments to identify sensitive machines (e.g. control mechanisms) that will not be subject to scanning. You can request a system to be added to the exemption list by contacting the NSLS Cyber Security Point of Contact, Alan Levine X4707 or Nessus scanning results are provided to cognizant systems administrators to remediate vulnerable computers as they are identified.

External Nessus Scanning - ITD does an External scan weekly which includes all networks outside of the BNL firewall and conduits through the firewall. All vulnerabilities for externally visible services must be remediated. The scan results will be mailed to the System Administrators/ System owners.

The NSLS strictly adheres to all BNL policies.

The use of wireless access points on any of the NSLS internal subnets is prohibited.

Connecting to the BNL Network - Getting Started

DHCP Configuration
DHCP Installation and Release instructions for all platforms.

Network Jack Access

User Accounts
The following computing accounts are available providing you have a valid life/guest number and your cybersecurity training is up to date:

  • BNL NT Domain Account
  • Crypto Card Account
  • BNL Exchange E-Mail Account
  • IDAS Dial In Account
  • SSH Gateway Access Account
  • UNIX Systems Account
  • UNIX UID Reservation

To request an account, click here.

Account Type Descriptions

BNL NT Domain Account
Used for access to the resources provided by the main BNL Windows domain. Resources include user home directories (secure remote folders where data can be saved), shared printers and access to various web resources.

Crypto Card Account
Used in conjunction with our Cisco VPN client software to access BNL computing resources from outside the BNL perimeter. You may need this if your job requires you to work from home, abroad, or while connected to BNL's visitor network. Please note that upon submittal, an email will be sent to your supervisor for approval. If they approve they will have to include a project/activity #.

Exchange E-Mail Account
Provides an e-mail account on the BNL Exchange Email system. This account is recommended for those who require a e-mail address.

IDAS Dial In Account
A dial-up account that provides Internet and BNL network access via your home computer or laptop. You may need this if your job requires you to work from home or on travel. Please note that this service is only for use with a standard modem. Users connecting through a cable-modem will require a Crypto Card (see above). Please note that upon submittal, an email will be sent to your supervisor for approval. If they approve they will have to include a project/activity #.

SSH Gateway Access Account
Provides an account on BNL's SSH gateway systems. From the SSH gateway systems you can then connect to internal resources provided you have valid accounts on internal machines. See for additional information.

UNIX Systems Account
Used for access to various Unix systems supported by the Information Technology Division (ITD).

UNIX UID Reservation
For users having an account created on a non-ITD UNIX system. Reserving a UID with ITD ensures that your UID will be the same on both ITD and non-ITD UNIX systems. Unless instructed to by your supervisor or local systems administrator, you will not need a UID reserved.

BNL Password Policy

Other Services

Files can be uploaded from any BNL network (130.199.. address space) to a user ftp site ( without the need for a computer account of any type. Log on anonymously and store files under the appropriate beamline. Files are automatically deleted after 72 hours. Files cannot be uploaded from a non-BNL network but anonymous downloads are available from non-BNL networks.