Site Navigation
General Information
Computing Services
Individual Computer Scanning
To run a Nessus scan on your system or get existing Nessus Scan data go to
http://scanner.bnl.gov/myresults.html
General Desktop Support
Please contact: itdhelp@bnl.gov or (631) 344-5522
Cybersecurity Requirements
The following information contains links viewable only
from BNL's internal network. You should
review this information once you are on site.
- ALL COMPUTERS OR OTHER NETWORK DEVICES MUST BE REGISTERED WITH BNL IF THEY ARE TO BE USED ON THE BNL NETWORK. Please read "A visitors guide to BNL networks" regarding policies and procedures: http://intranet.bnl.gov/itd/networking/NWdns.asp
- "Cyber Security Unclassified" as defined by The Standards-Based Management System (SBMS), https://sbms.bnl.gov/standard/2j/2j00i011.htm
For additional requirements and procedures such as, Logon Banner, Antivirus software, and Computer Patching please visit "Connecting to the BNL Network - Getting Started", http://intranet.bnl.gov/itd/networking/GettingStarted.asp , BNL's Information and Technology Division (ITD) home page, http://www.bnl.gov/itd or http://www.bnl.gov/cybersecurity/
DOE's Office of Independent Oversight requires proper patch levels on all computer systems onsite. To review this subject matter please go to http://www.bnl.gov/cybersecurity/patching.asp
Internal Nessus Scanning - Nessus scans are run quarterly to identify vulnerabilities in all systems on the BNL network. As Nessus scanning has at times caused problems with computers being scanned, a Nessus scanning exemption list has been created that allows departments to identify sensitive machines (e.g. control mechanisms) that will not be subject to scanning. You can request a system to be added to the exemption list by contacting the NSLS Cyber Security Point of Contact, Alan Levine X4707 or alanl@bnl.gov. Nessus scanning results are provided to cognizant systems administrators to remediate vulnerable computers as they are identified.
External Nessus Scanning - ITD does an External scan weekly which includes all networks outside of the BNL firewall and conduits through the firewall. All vulnerabilities for externally visible services must be remediated. The scan results will be mailed to the System Administrators/ System owners.
The NSLS strictly adheres to all BNL policies.
The use of wireless access points on any of the NSLS internal subnets is prohibited.
Connecting to the BNL Network - Getting Started
http://intranet.bnl.gov/itd/networking/GettingStarted.asp
DHCP Configuration
DHCP Installation and Release instructions for all platforms.
Network Jack Access
http://intranet.bnl.gov/itd/networking/NWdns.asp
User Accounts
The following computing accounts are available providing you have a valid
life/guest number and your cybersecurity
training is up to date:
- BNL NT Domain Account
- Crypto Card Account
- BNL Exchange E-Mail Account
- IDAS Dial In Account
- SSH Gateway Access Account
- UNIX Systems Account
- UNIX UID Reservation
To request an account, click here.
Account Type DescriptionsBNL NT Domain Account
Used for access to the resources provided by the main BNL Windows
domain. Resources include user home directories (secure remote
folders where data can be saved), shared printers and access to
various web resources.
Crypto Card Account
Used in conjunction with our Cisco VPN client software to access BNL
computing resources from outside the BNL perimeter. You may need
this if your job requires you to work from home, abroad, or while
connected to BNL's visitor network. Please note that upon
submittal, an email will be sent to your supervisor for approval. If
they approve they will have to include a project/activity #.
Exchange E-Mail Account
Provides an e-mail account on the BNL Exchange Email system. This
account is recommended for those who require a bnl.gov e-mail
address.
IDAS Dial In Account
A dial-up account that provides Internet and BNL network access via
your home computer or laptop. You may need this if your job requires
you to work from home or on travel. Please note that this service is
only for use with a standard modem. Users connecting through a
cable-modem will require a Crypto Card (see above). Please note
that upon submittal, an email will be sent to your supervisor for
approval. If they approve they will have to include a
project/activity #.
SSH Gateway Access Account
Provides an account on BNL's SSH gateway systems. From the SSH
gateway systems you can then connect to internal resources provided
you have valid accounts on internal machines. See http://www.bnl.gov/cybersecurity/ssh_gateway.asp
for additional information.
UNIX Systems Account
Used for access to various Unix systems supported by the Information
Technology Division (ITD).
UNIX UID Reservation
For users having an account created on a non-ITD UNIX system.
Reserving a UID with ITD ensures that your UID will be the same on
both ITD and non-ITD UNIX systems. Unless instructed to by your
supervisor or local systems administrator, you will not need a UID
reserved.
BNL Password Policy http://www.bnl.gov/cybersecurity/passwords.asp
Other Services
FTP
Files can be uploaded from any BNL network (130.199.. address space) to a user
ftp site (ftp.nsls-user.bnl.gov) without the need for a computer account of any type.
Log on anonymously and store files under the appropriate beamline. Files are automatically
deleted after 72 hours. Files cannot be uploaded from a non-BNL network but anonymous
downloads are available from non-BNL networks.