Security Policy

Eligibility for an account: who may apply for a login ID

Any current UCLA student, faculty or staff member with a valid UCLA Logon ID may apply for access to the Hoffman2 Cluster.

Those who are affiliated with a research group may apply for access to that group’s own virtual cluster resources. Cluster access can be authorized for people not affiliated with UCLA by written request from a faculty member who has purchased hardware on the Hoffman2 Cluster or another cluster hosted by IDRE.

To access the UCLA Grid Portal you must either have a login ID on a cluster which is participating in the UCLA Grid or be a current UCLA student, faculty or staff member with a valid UCLA Logon ID. UCLA Grid Portal access is not authorized for those not in these categories.

Safeguard your login IDs and passwords

Keep your UCLA Grid Portal username and password safe and do not allow anyone else to access the UCLA Grid Portal using your username.

Cluster login IDs are single user login IDs only. Do not let anyone else know or use your login ID and password. Any form of use of another person’s account, for example using an ssh public key to gain access, is a violation of this policy. If we suspect that a login ID is being used by more than one person, we will suspend access to the login ID until the matter has been resolved.

Do not leave your local machine unattended while you are logged in to any cluster hosted by IDRE. If you think that your password has been compromised, change your password immediately and contact hpc@ucla.edu.

UCLA Policy 401: Minimum Security Standards for Network Devices

UCLA Policy 401: Minimum Security Standards for Network Devices specifies the minimum security standards for all electronic devices connected to the UCLA Campus Network, including those connected via the UCLA Virtual Private Network (VPN). Make sure you meet these minimum standards. See UCLA Policy 401, Attachment A.

UCLA Policy 404: Protection of Electronically Stored Personal Information

Pursuant to UCLA Policy 404: Protection of Electronically Stored Personal Information, any Personal Information (PI) data stored on IDRE-owned file systems must be protected. The policy also applies to data uploaded to or stored on UCLA Grid.

Personal Information is defined as “an individual’s first name or first initial, and last name, in combination with any one or more of the following: (1) Social Security number, (2) driver’s license number or California identification card number, (3) account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account, (4) medical information, and (5) health insurance information.”

Since IDRE has responsibility for the file system hardware, it also has responsibility for ensuring that users of its file systems understand what is required of them. To that end we need to know if you are storing any Personal Information on an IDRE-owned file system. If you are, we strongly recommend that you remove it immediately. If this is not possible:

  • You must encrypt the data per policy guidelines.
  • You must inform the Director, in writing, what kind of Personal Information you have and why you must keep it on an IDRE-owned file system.

If a security breach occurs and Personal Information is stolen and it is not encrypted, then you, as the custodian of the data, are liable for the exposure.

Federal Export Controlled Software

Pursuant to federal export control regulations (http://ora.research.ucla.edu/RPC/Pages/nsreg.aspx), certain export restricted software must be protected. Export restricted software which must be protected includes: (1) certain strong encryption software, (2) software controlled under the Department of Energy 10 CFR §810 regulations, (3) software controlled under the Department of State, International Traffic in Arms (ITAR) regulations 22 CFR §120-13.

If you are storing any of the above export restricted software, we strongly recommend you remove it immediately. If you do decide to keep it, you must inform the Director of the IDRE Research Technology Group, in writing, about the export restricted software in your account. If a security breach occurs, you, as the custodian of the software, are liable for the exposure and subsequent export control regulatory violations. If you have questions about how your software is controlled under export regulations, contact Claudia Modlin, Research Policy and Compliance Coordinator, at cmodlin@research.ucla.edu.

Secure access with SSH2

You must use the Secure Shell Protocol (SSH) version 2 to access a login node of any cluster hosted by IDRE. You can use nx, rsync, scp, sftp, ssh commands and local GUI interfaces, for example on Windows machines, that are based on SSH version 2. Compute nodes, including interactive compute nodes, can only be accessed from the login nodes.

Safety for other systems that you use

Although we make every attempt to ensure the security of the system, because the login nodes of the clusters hosted by IDRE are not behind firewalls, there is no guarantee that it cannot be compromised by a malicious attacker. For your own security and the security of other computing equipment that you use, do not ssh to or scp to other machines from any cluster hosted by IDRE. In the rare instance that the cluster is compromised, entering passwords or other authentication information for other machines may allow those other machines to become compromised as well.

© 2016 UC REGENTS