Jun 6, 2005
Use of VPN access puts CERN's security at risk.
Recently we have had incidents caused by people opening VPN connections on home computers and (unknown to them) spreading malicious software into CERN. VPN access to CERN should only be used in extreme and rare cases, and users are formally discouraged from using it as a general solution.
Users should also be aware that the availability of the VPN service may be discontinued in the future for security reasons. Some recommended methods for accessing CERN from the Internet are listed on the right.
VPN connections give access directly inside the CERN firewall. Your computer could therefore introduce viruses, worms or backdoor attacks against which the CERN site is normally protected. Similarly, a discovered password can give an attacker access inside the CERN firewall, putting the whole site at risk. In addition, personal software, such as P2P applications, can become visible on the Internet via CERN's infrastructure, requiring care to ensure compliance with CERN's Computing Rules. For these reasons we ask you to avoid using VPN.
The encryption capability of VPN, which allows you to connect to the CERN network without the data transmitted being visible to snoopers on the Internet, is also available in the recommended alternatives described on the right. Please use the methods we suggest. They are also described at http://cern.ch/security/vpn. A detailed website about remote access to the CERN network is available at http://cern.ch/ras.
About the author: Computer Security Team, IT/DI