What is a Critical Vulnerability
A Critical Vulnerability is an alert declared by Computer Security about a vulnerability in an application, operating system, or configuration that, because of increased risk or active exploitation, must be patched outside the normal patching cycle. Critical Vulnerabilities usually have a very short patching window, from hours to days, and that window may be shortened further as the risk or threat activity increases. In most cases, Critical Vulnerabilities are declared for remotely exploitable vulnerabilities that require no user interaction. CST continuously scans for Critical Vulnerabilities, and systems found out of compliance are denied network access because of the increased risk their presence poses to the FNAL network.
What to do about a Critical Vulnerability
Vulnerabilities declared Critical are severe enough that mitigation is MANDATORY for network connection at Fermilab. Mitigations, in order of preference:
- Remove, reconfigure, or disable the affected software
- Patch the affected software to a version that fixes the vulnerability.
- Remove the machine from the Fermilab network
- After you have remediated the vulnerability, record the actions taken in TIssue so that the network block can be lifted.
In exceptional circumstances, you can request permission to keep the host connected while restricting access to it to a tightly controlled list of inbound connections. You can also open a ServiceDesk ticket and ask the computer security team to perform a Nessus scan of the host, for example to confirm that a fix has taken effect.