ALCPG Workshop

 

ALCPG07 conference logo
ALCPG07
Joint Meeting of the
American Linear Collider Physics Group
ILC Global Design Effort
22-26 October 2007
FNAL Aerial photo
 
Internet Access for ALCPG07 Attendees
Fermilab has very good wireless connectivity for internet access in all the rooms used for the ALCPG07 Meeting. Attendees will be able to use this during the meeting.

To avoid potential headaches from accidental introduction of malicious software, Fermilab requires a simple procedure the first time a laptop accesses the wireless on site. This involves a scan for possible major security holes. There are a few simple preparations attendees can make to minimze the chances of snags when hooking up.

This simple and quick procedure may be done each day to provide access for the entire week of the ALCPG07 Meeting.

Preparation Prior to the Meeting

For Windows systems, the most important preparation is to make sure Windows Update has been run fairly recently. This will ensure that all critical updates have been made, so that access will not be blocked on that account.

For Linux (and MacIntosh) systems, the main possible snag is password-enabled (non-kerberos) ssh or telnet. The attendee should prepare by making sure that sshd is stopped (or know how to stop it and have the privilege to do so) as that would be detected as a security hole and prevent access.

In either case, turn off any file or music sharing programs, and any programs that would perform scans or probes of remote systems.

Also configure your machine to use DHCP-provided DNS servers.

Getting on the Network

Instructions for how to accessing the internet at Fermilab, as well as Computing Security Policy and DHCP registration information, are found on the
Visitor Information - Using the Network at Fermilab
web page.

To access the internet:

  1. Boot your computer, while in any area that is served by wireless at Fermilab, or bring a running system into such an area.
  2. Open a web browser. You will be redirected to a temporary registration page. Provide the registration and contact information -- enter your name and ALCPG07 as the your contact.
  3. Your system will be scanned for vulnerabiliites and viruses.
      The full scan may not be completed at this time: if many systems are registering at once, the system does not make you wait a long time before granting access. You may be informed that registration is in place but the scan was not completed. This is normal; the remaining less-critical scanning will occur while you are able to use the network.
  4. Renew your DHCP ID. The easy way to do that is to shutdown and restart your system.
      To renew without having to reboot:
    • On Windows, open a command window and enter
        ipconfig /release
        ipconfig /renew 
    • On Unix or Linux or a Mac, enter
        service network restart 
You will need to do this temporary registration each day.

Rules for Using the Fermilab Connectivity

By connecting to the network, you indicate your awareness of and consent to the terms and conditions of use found in the Fermilab Policy on Computing.

Some relevant points are:

  • From a Fermilab address you should avoid all activities on newsgroups, auctions, game sites, etc., that are not clearly Fermilab or ILC business.
  • While on the Fermilab network, you must not use your computer to act as a public server of music or other media.
  • You may not scan other computers or perform other actions that can be mistaken for patterns of scanning typical of hacker attacks and break-in attempts. In particular, popular peer-to-peer file sharing programs will often mimic this type of network behavior and thus be blocked, as some programs such as Skye may present difficulties.
  • There can be no telnet-like or ftp services that are visible on the general internet (except those configured so as to require Kerberos authentication). This is why you will need to stop password-enabled ssh before using the network.

If You Are Having Difficulties

  • If your machine does not detect the network at all, make sure your machine is configured to listen to a broadcast SSID.
  • If, when you open a web browser, you are not redirected to a registration page, please verify that your machine is configured to use the DHCP-provided DNS servers.
  • If you are blocked, make sure disallowed services such as password-enabled (non-kerberos) ssh or telnet, and file-sharing applications, are not running.
  • If you need to temporarily connect outside the Fermilab domain (for example, if you have not updated Windows to the required level and are block because of that), we provide special connectivity in the email center.

The E-mail Center and the Helpdesk

There is a Fermilab e-mail center located at the North end of the ground floor (the auditorium is on the South end). This center has several systems which allow logins for the purpose of checking email, registering for Fermilab accounts, and so forth. It also has special wired connections (for use with Windows only) which are not within the Fermilab firewalls; these may be useful for troubleshooting connectivity problems or downloading required Windows Updates.

The e-mail center shares its location with the Fermilab Computing Helpdesk. People there should be able to help with network access problems. The helpdesk can also be reached by phone (extension 2345) or at helpdesk@fnal.gov. Helpdesk hours are 8:00-4:30.

Fermilab Accounts

You don't need a Fermilab user account just for the connectivity during the ALCPG07 Meeting.

However, if you will be working with FNAL computers on a long term basis, it will be necessary to get a Fermilab account. Instructions are found on the Accounts and Passswords web page.

The process requires filling out the Application to Use Fermilab Computers from Off-Site form. There are several possible "affiliations" aproropriate for various ILC-related activities.

Here is a list of ILC Remote Computing contacts for approval of such accounts.

Organized by
FNAL
FNAL Logo
On Behalf of: ALCPG
ILC
Office of Science    Security, Privacy, Legal