Security Guidelines - norlab-ulaval/Norlab_wiki GitHub Wiki

This document outlines some general computer security guidelines intended to promote better practices and enhance the overall security of the lab. For any questions about this document or security in general, contact William Guimont-Martin or David-Alexandre Duclos.

Passwords

  • We recommend the use of strong passwords everywhere
    • At least 10 characters, with at least one lowercase, one uppercase and one digit
    • Avoid easy-to-guess passwords such as single dictionary words or common patterns (e.g., Password123)
    • To enforce the rules at the OS level, change the line starting with password requisite in /etc/pam.d/common-password to: password requisite pam_pwquality.so retry=3 minlen=10 difok=3 ucredit=-1 lcredit=-1 dcredit=-1
  • You are responsible for your password on your work computer. It must remain confidential
    • Do not write your password down anywhere (e.g., Post-it notes, whiteboard) and do not share it verbally
  • If you need to provide another student access to your machine:
    • Never share your own credentials
    • Create a new account and let them choose a strong password
    • This way, there will be logs of who did what on what computer
    • Create the account: sudo useradd -c 'Name of the student' -m username
    • Set a unique initial password: sudo passwd username
    • Force the student to change the password the next time they log in: sudo passwd --expire username
  • Use a password manager to generate and store unique, strong passwords for all services.
  • Enable multifactor authentication (MFA) wherever available to add an extra layer of security.
  • Use 1Password for lab-wide or admin-level accounts (e.g., purchasing, shared services).
    • To request or add credentials, contact a lab member with 1Password access.

Remote Access

  • Remote access to lab computers must be done securely to prevent unauthorized intrusion.
  • Avoid using peer-to-peer LAN/VPN tools such as ZeroTier, Hamachi, or similar software
    • These introduce unmanaged external network exposure and bypass institutional security controls.
    • You can check whether ZeroTier is running on your computer using ps aux | grep zero
    • You should only see the grep process; if zerotier-one or similar appears, disable and remove it.
  • Use Université Laval's VPN to securely access internal resources:
  • For remote desktop access, prefer RustDesk or TeamViewer with proper security configurations:
    • Always set a strong, custom access password. Do not rely on default or temporary PINs. See the password section above for guidelines.
    • Enable two-factor authentication (2FA) where supported.
    • Regularly review and revoke unused access permissions/devices.
  • Always lock your screen or disconnect remote sessions when they are not actively in use. Use virtual desktops so that people in the lab cannot see your screen.

Computer Management

  • Always lock your computer when stepping away, even briefly (Super + L on Linux, Cmd + Ctrl + Q on macOS).
  • Keep your system updated:
    • Regularly install security patches and software updates to reduce vulnerability to known exploits.
  • Monitor remote access:
    • Check the history of SSH logins with:
    • last -a | awk '{for(i=1;i<=NF;i++) if ($i ~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) print $i, $(i-6), $(i-5), $(i-4), $(i-3), $(i-2)}'
    • Review the output for unknown IP addresses or suspicious access times.
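
An added example (not part of the original wiki) that automates the review step above: it reads last -a output and flags logins from addresses outside a trusted list or starting outside working hours. The trusted prefixes, the working hours and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Flag logins in `last -a`-style input that come from an unknown address
# or that start outside working hours.

# Assumptions (not from the wiki): trusted address prefixes and working hours.
KNOWN_PREFIXES="${KNOWN_PREFIXES:-192.0.2. 10.8.}"
DAY_START="${DAY_START:-7}"   # first hour considered normal (07:00)
DAY_END="${DAY_END:-20}"      # first hour considered late (20:00)

# Reads `last -a` lines on stdin, prints "REASON user ip month day time".
review_logins() {
  awk -v prefixes="$KNOWN_PREFIXES" -v day_start="$DAY_START" -v day_end="$DAY_END" '
    BEGIN { n = split(prefixes, known, " ") }
    # With -a the remote host is the last field; skip local, reboot and footer rows.
    $NF !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
    {
      ip = $NF; t = 0
      # The first HH:MM field is the login time; month and day precede it.
      for (i = 3; i <= NF; i++) if ($i ~ /^[0-9][0-9]:[0-9][0-9]$/) { t = i; break }
      if (!t) next
      trusted = 0
      for (k = 1; k <= n; k++) if (index(ip, known[k]) == 1) trusted = 1
      hour = substr($t, 1, 2) + 0
      reason = ""
      if (!trusted) reason = "UNKNOWN_IP"
      if (hour < day_start || hour >= day_end) reason = (reason != "" ? reason "," : "") "OFF_HOURS"
      if (reason != "") print reason, $1, ip, $(t-2), $(t-1), $t
    }'
}

# Constructed sample in `last -a` format (documentation addresses, not real logs).
sample_last_output() {
  cat <<'EOF'
alice    pts/0        Mon Mar  3 09:12 - 11:40  (02:28)     192.0.2.10
bob      pts/1        Tue Mar  4 02:47 - 03:05  (00:18)     192.0.2.11
carol    pts/2        Wed Mar  5 14:20   still logged in    203.0.113.77
dave     tty2         Wed Mar  5 08:31   still logged in    tty2
reboot   system boot  Wed Mar  5 08:00   still running      5.15.0-91-generic

wtmp begins Sat Mar  1 00:00:01 2025
EOF
}

# On a real machine: last -a | review_logins
sample_last_output | review_logins
```

Like the one-liner above, this only considers IPv4 addresses; last -a -i makes last print numeric addresses instead of hostnames.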