Cyber Security Policy
Print this article
- Principal Investigators (Non-Profit)
- Principal Investigators (Industry)
- All Users
Title: Cyber Security Policy
The Oak Ridge Leadership Computing Facility (OLCF) computing resources are provided to users for research purposes. All users must agree to abide by all security measures described in this document. Failure to comply with security procedures will result in termination of access to OLCF computing resources and possible legal actions.
The requirements outlined in this document apply to all individuals who have an OLCF account. It is your responsibility to ensure that all individuals have the proper need-to-know before allowing them access to the information on OLCF computing resources. This document will outline the main security concerns. Specific use policies are covered in the OLCF Computing Policy.
OLCF computing resources are for business use only. Installation or use of software for personal use is not allowed. Incidents of abuse will result in account termination.
Inappropriate uses include, but are not limited to:
- Sexually oriented information
- Downloading, copying, or distributing copyrighted materials without prior permission from the owner
- Downloading or storing large files or utilizing streaming media for personal use (e.g., music files, graphic files, internet radio, video streams, etc.)
- Advertising, soliciting, or selling
Accessing OLCF Computational Resources
Access to systems is provided via Secure Shell version 2 (sshv2). You will need to ensure that your ssh client supports keyboard-interactive authentication. The method of setting up this authentication varies from client to client, so you may need to contact your local administrator for assistance. Most new implementations support this authentication type, and many ssh clients are available on the web. Login sessions will be automatically terminated after a period of inactivity.
When you apply for an account, you will be mailed an RSA SecurID token. You will also be sent a request to complete identity verification. When your account is approved, your RSA SecurID token will also be enabled. Please refer to Authenticating to OLCF Systems for more information setting your PIN and logging in; refer to OLCF System Hostnames for more information on host access specifics.
DO NOT share your PIN or RSA SecurID token with anyone. Sharing of accounts will result in termination. If your SecurID token is stolen or misplaced, contact the OLCF immediately and report the missing token. Upon termination of your account access, return the token to the OLCF in person or via mail.
The OLCF uses a standard file system structure to assist users with data organization on OLCF systems. Complete details about all file systems available to OLCF users can be found in the OLCF Data Management Policy.
Additional file systems and file protections may be employed for sensitive data. If you are a user on a project producing sensitive data, further instructions will be given by the OLCF. The following guidelines apply to sensitive data:
- Only store sensitive data in designated locations. Do not store sensitive data in your User Home directory.
- Never allow access to your sensitive data to anyone outside of your group.
- Transfer of sensitive data must be through the use encrypted methods (scp, sftp, etc).
- All sensitive data must be removed from all OLCF resources when your project has concluded.
The OLCF offers two dedicated data transfer nodes to users. The nodes have been tuned specifically for wide area data transfers, and also perform well on the local area. There are also several utilities that the OLCF recommends for data transfer. Please refer to our article on Employing Data Transfer Nodes for information about the DTNs and available utilities.