Author : Torsten Rössel, Director of Business Development, Innominate Security Technologies
12 May 2010
Any manufacturer with industrial applications based on Windows 2000 may wisely be considering a newer operating system right now, in order to remain in production with the needed security support. Migrating to a new operating system can be time-consuming, disruptive, and expensive.
Are there any better alternatives? This article presents one proven solution.
Microsoft Windows operating systems are widely used for networked industrial automation equipment.
Unfortunately, these industrial Windows applications, like their counterparts in office networks, are also vulnerable to known and new Windows security loopholes that keep being discovered and can be exploited.
Microsoft’s Lifecycle Policy for business and developer products provides 5 years of Mainstream Support and 5 years of Extended Support, during which time necessary Security Updates are available for a total of 10 years. The lifetime of industrial machinery and other capital equipment, however, is often 20 or more years of useful operation. The much shorter lifecycle of software suggests that it will usually not survive as long as the equipment it serves.
Mainstream Support for Windows 2000 ended in June 2005. In July 2010 the Extended Support for Windows 2000 will also expire.
Planned obsolescence is a key element of software product management and marketing.
There are several historical examples. While Windows 2000 has enjoyed a ten year run, other earlier operating systems did not. Support for Windows 95 expired in December 2001. Support for Windows NT 4.0 expired after eight years in June 2004. And support for Windows 98 expired in July 2006. Common sense, good business judgment and IT security policies dictate planning ahead for the demise of current software support.
What Should be Done?
Proceeding with “business as usual” while keeping both eyes firmly shut is not a recommended course of action. Worms, viruses, Trojans, and hacker exploits are problems not to be ignored.
The widespread popularity of Microsoft operating systems has made them an all too appealing target for malware creators. In 2008, Microsoft issued thirty-six Security Updates relevant for Windows 2000, including nineteen classified as “Critical,” the highest classification. Another sixteen Security Updates were classified as “Important.”
Then in 2009, Microsoft released an even larger number of Security Updates, forty-eight for the nine year old system, thirty-one of them “Critical” and again sixteen “Important”! In fact, in every month of 2009, at least one additional breed of malware had to be dealt with by a new version of the Microsoft Windows Malicious Software Removal Tool distributed with the other monthly system updates.
The notorious Conficker worm proved to be a particularly troublesome issue, as well as the dangerous and versatile Trojans Waledac and the Bredolab downloader, ushering in a plethora of evil malware and spyware from servers hosted mostly in Russia and China. The expiration of support for Windows 2000 means the end of available and automated security updates against these kinds of threats.
Expensive Upgrades
An obvious solution, of course, is the upgrade to a newer operating system with current support, now and for the near future.
But upgrades are costly. New licenses need to be purchased and new software installed. And as new versions of Windows tend to be ever more hungry for resources, they often require the acquisition of new hardware and infrastructure as well.
That is when the dreaded “unanticipated consequences” begin to occur, involving considerable extra work and expense. Certified systems and automated manufacturing processes typically require reiteration of an expensive approval process when altering any of their components.
As a result of production complications greater than those in the office environment, significant upgrade expenses can quickly accumulate. And who wants the responsibility of triggering that cost avalanche when it is very difficult to calculate the potential security risks and the risks of unforeseen glitches that can affect production? Common sense and demonstrated logic often dictate “if it’s not broke, let’s not ‘fix’ it.”
Protection by Retrofitting Distributed Security Appliances
What virtually all software security risks share in common is that they are based on the weaknesses and vulnerabilities of network protocols and services. Hacker exploits and malware use these weaknesses over an IP-based network to gain access, control, and opportunities for damage and proliferation.
If security updates against newly discovered vulnerabilities are no longer available, there is an increased risk to the unsupported system, which must continue to communicate with other network nodes, and often with portions of the outside world (engineering and programming consultants, remote maintenance services, etc.). The days of a truly isolated production network are rapidly disappearing. But while vital system interconnections are obviously impossible to eliminate, most other types of potential network communication can be blocked as a means to reduce the risk of infections.
It is the purpose of firewalls to control and selectively filter unrestricted Ethernet and IP-based communications on the network.
In addition to front office firewalls, industrial network security appliances are needed to provide “defence-in-depth” on the factory floor. This method of protection is better, faster, cost-effective and easily installed by technicians rather than network administrators.
These appliances are available in various industrial-rated designs: for DIN-rail mounting, for 19 inch rack mounting in cabinets, as PCI cards, or as dongle-style patch cords. An example is the family of mGuard® products from Innominate Security Technologies, Phoenix Contact, and select others.
As a result of a patented “Stealth Mode,” these products are completely transparent, automatically assuming the MAC and IP address of the equipment to which they are connected, so that no additional addresses are required for the management of the network devices. No changes need to be made to the network configuration of the existing systems involved.
Yet the devices operate invisibly and transparently, monitoring and filtering traffic to the protected systems by providing a Stateful Packet Firewall according to rules configured via templates from a centrally located server. And thanks to their bi-directional “Wire Speed” capability, mGuard appliances will not add any perceptible bottlenecks to a 100 Mb/s Ethernet network.
If required, the security of networked equipment may be further enhanced by additional mGuard features. Configuration of specific user firewall rules can restrict the type and duration of access for authorised individuals, who may login and authenticate themselves from varying locations, PCs, and IP addresses.
Virtual Private Network (VPN) functions provide for secure authentication of remote stations and the encryption of data traffic. The unique mGuard CIFS Integrity Monitoring functionality protects Windows file systems against unexpected modifications, for instance of executable code by malware. Common Internet File System / Server Message Block (CIFS/SMB) are the protocols behind Windows file sharing. Thus customers in the automotive industry and others have already used the mGuard system with excellent results in providing security for older production systems running Windows 95, Windows 98 and Windows NT.
Never Touch a Running System: Security for Non-patchable Equipment
There is always a substantial concern that a reckless, blanket implementation of software patches and security updates will inadvertently affect the operation, stability and quality of production, without extensive (and expensive) certification tests prior to implementation. Thus “never touch a running system” is the dominant principle in production.
The costs of certification and risks of warranty claims against machinery and equipment suppliers are such that many embedded PC systems are operated without software patches and security updates. So they are treated as non-patchable, long before the end of their Extended Support. All of these non-patchable systems can also be provided with enhanced security by the same method of retrofitting Stealth Mode security appliances to them, as described in the previous paragraphs.
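The CIFS Integrity Monitoring described above works by detecting unexpected changes to executable files on a Windows share. What follows is an added example, not Innominate's or mGuard's own code: a minimal baseline-and-compare integrity checker in Python run over a directory tree (in practice a mounted share); the monitored extensions, the helper names and the constructed sample files are assumptions.

```python
import hashlib
import os
import tempfile

MONITORED_EXT = {".exe", ".dll", ".sys"}  # executable code malware typically alters (assumed set)

def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # chunked: large binaries stay off the heap
            h.update(chunk)
    return h.hexdigest()

def baseline_dir(root):
    """Return {relative path: sha256} for every monitored file under root."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in MONITORED_EXT:
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, root).replace(os.sep, "/")] = file_sha256(full)
    return baseline

def compare_baselines(old, new):
    """Report monitored files added, removed or modified since the baseline was taken."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def write(share, rel, data):
    os.makedirs(os.path.dirname(os.path.join(share, rel)), exist_ok=True)
    with open(os.path.join(share, rel), "wb") as f:
        f.write(data)

def demo():
    """Constructed sample share: take a baseline, tamper with it, then re-check."""
    with tempfile.TemporaryDirectory() as share:
        write(share, "bin/hmi.exe", b"MZ original hmi")
        write(share, "bin/plc.dll", b"MZ original plc")
        write(share, "recipes/batch.csv", b"data file, not monitored")
        baseline = baseline_dir(share)
        # Simulate malware activity: overwrite an existing DLL and drop a new executable.
        write(share, "bin/plc.dll", b"MZ patched")
        write(share, "bin/dropper.exe", b"MZ dropper")
        return compare_baselines(baseline, baseline_dir(share))

if __name__ == "__main__":
    print(demo())  # only the executable changes are reported; the data file is not monitored
```

The baseline would be taken after a certified, known-good installation and any later difference raised as an alert, since on a non-patchable system no legitimate change to executable code is expected.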
Conclusion
The clock is ticking. In a few months, untold numbers of Windows 2000 systems will no longer have access to Extended Support and Security Updates, when these end in July 2010. Nor may there be adequate time for analysis and evaluation of alternatives, decision making, planning, preparation and implementation of a new operating system. The right time to act is now. There are proven “defence-in-depth” security products available to provide protection for industrial networks.
For more information about current threats to networked industrial equipment, a comprehensive 18-page White Paper “Hacking the Industrial Network,” including footnotes, clickable Internet research links and detailed references is available for download at www.innominate.com.
Torsten Rössel is the Director of Business Development for Innominate Security Technologies AG in Berlin. He is a frequent speaker at industry conferences, and author of numerous articles on the protection of networked industrial systems and secured remote services for machinery over the Internet. He is available at: troessel@innominate.com