Fermi National Laboratory

  Home     Documentation     Registration     Security Requirements     Help     FAQ  

VPN Security Requirements for FNAL access

Questions or feedback on these requirements can be sent to Computer Security Team at: nighwatch@fnal.gov.

VPN Usage Security Concerns?

VPN connections give access directly  inside the FNAL border router. Your computer could therefore introduce virus, worms or backdoor attacks from which the site is normally protected. Similarly, a discovered password can give an attacker access inside the FNAL border router, putting at  risk the entire site. In addition, personal software can become visible on the Internet via Fermilab's infrastructure, requiring care to ensure compliance with Fermilab's Policy on Computing.

What you must do

Before using a VPN connection to access Fermilab resources, you must ensure that:

Securing your computer

Minimum requirements for securing your computer are:

  1. Anti-virus software installed and configured for at least daily updates (for Windows PCs)
  2. Operating system and installed applications regularly/automatically secured for all known security holes
  3. Home computers with "permanent" connections, such as cable modems, protected by a firewall configured to block externally initiated connections
  4. System restricted to only run applications which you are familiar with and responsible for. You are recommended to disable personal software to avoid it becoming visible via Fermilab's infrastructure. In particular note that games, music and freely copied software are targets for viruses,which can place both your system and the fermi domain at risk.

NOTE 1: FNAL centrally managed computers, running Windows or FRHL which are regularly connected to the fermi domain, meet requirements 1 and 2.

NOTE 2: Connecting to FNAL from a computer which is shared with other people creates a serious risk. Please configure your computer and account to run only the applications you require when using the VPN.

NOTE 3: All access to FNAL's computing resources, including via a VPN, requires compliance with Fermilab's Policy on Computing.

Securing your VPN password

Advice on choosing good passwords is at http://computing.fnal.gov/security/UserGuide/password.htm.

VPN passwords must meet the following characteristics:

  • Does not contain your name or user name.
  • Contains 8 characters.
  • Contains characters from each of the following two groups:
  • Uppercase and lowercase letters (A, a, B, b, C, c, and so on)
  • Numerals
    • Page created by: schmidt@fnal.gov.

    (Address comments about page to csi-help@fnal.gov)
    Security, Privacy, Legal Fermi National Accelerator Laboratory