Individual Computer Scanning
To run a Nessus scan on your system or get existing Nessus Scan data go to http://scanner.bnl.gov/myresults.html
General Desktop Support
Please contact: email@example.com or (631) 344-5522
The following information contains links viewable only from BNL's internal network. You should review this information once you are on site.
For additional requirements and procedures such as, Logon Banner, Antivirus software, and Computer Patching please visit "Connecting to the BNL Network - Getting Started", http://intranet.bnl.gov/itd/networking/GettingStarted.asp , BNL's Information and Technology Division (ITD) home page, http://www.bnl.gov/itd or http://www.bnl.gov/cybersecurity/
DOE's Office of Independent Oversight requires proper patch levels on all computer systems onsite. To review this subject matter please go to: http://intranet.bnl.gov/cybersecurity/patching.asp.
Internal Nessus Scanning - Nessus scans are run quarterly to identify vulnerabilities in all systems on the BNL network. As Nessus scanning has at times caused problems with computers being scanned, a Nessus scanning exemption list has been created that allows departments to identify sensitive machines (e.g. control mechanisms) that will not be subject to scanning. You can request a system to be added to the exemption list by contacting the NSLS Cyber Security Point of Contact, Alan Levine X4707 or firstname.lastname@example.org. Nessus scanning results are provided to cognizant systems administrators to remediate vulnerable computers as they are identified.
External Nessus Scanning - ITD does an External scan weekly which includes all networks outside of the BNL firewall and conduits through the firewall. All vulnerabilities for externally visible services must be remediated. The scan results will be mailed to the System Administrators/ System owners.
The NSLS strictly adheres to all BNL policies.
The use of wireless access points on any of the NSLS internal subnets is prohibited.
Connecting to the BNL Network - Getting Started
DHCP Installation and Release instructions for all platforms.
Network Jack Access
The following computing accounts are available providing you have a valid life/guest number and your cybersecurity training is up to date:
To request an account, click here.Account Type Descriptions
BNL NT Domain Account
Used for access to the resources provided by the main BNL Windows domain. Resources include user home directories (secure remote folders where data can be saved), shared printers and access to various web resources.
Crypto Card Account
Used in conjunction with our Cisco VPN client software to access BNL computing resources from outside the BNL perimeter. You may need this if your job requires you to work from home, abroad, or while connected to BNL's visitor network. Please note that upon submittal, an email will be sent to your supervisor for approval. If they approve they will have to include a project/activity #.
Exchange E-Mail Account
Provides an e-mail account on the BNL Exchange Email system. This account is recommended for those who require a bnl.gov e-mail address.
IDAS Dial In Account
A dial-up account that provides Internet and BNL network access via your home computer or laptop. You may need this if your job requires you to work from home or on travel. Please note that this service is only for use with a standard modem. Users connecting through a cable-modem will require a Crypto Card (see above). Please note that upon submittal, an email will be sent to your supervisor for approval. If they approve they will have to include a project/activity #.
SSH Gateway Access Account
Provides an account on BNL's SSH gateway systems. From the SSH gateway systems you can then connect to internal resources provided you have valid accounts on internal machines. See http://www.bnl.gov/cybersecurity/ssh_gateway.asp for additional information.
UNIX Systems Account
Used for access to various Unix systems supported by the Information Technology Division (ITD).
UNIX UID Reservation
For users having an account created on a non-ITD UNIX system. Reserving a UID with ITD ensures that your UID will be the same on both ITD and non-ITD UNIX systems. Unless instructed to by your supervisor or local systems administrator, you will not need a UID reserved.
BNL Password Policy http://www.bnl.gov/cybersecurity/passwords.asp
Files can be uploaded from any BNL network (130.199.. address space) to a user ftp site (ftp.nsls-user.bnl.gov) without the need for a computer account of any type. Log on anonymously and store files under the appropriate beamline. Files are automatically deleted after 72 hours. Files cannot be uploaded from a non-BNL network but anonymous downloads are available from non-BNL networks.