    Managing MS Windows NT4

    Bob Vieraitis, Solidcore Systems -- Control Engineering, 1/1/2008

    In a manufacturing environment, change to critical IT systems such as production controllers on the plant floor, enterprise resource planning (ERP) systems, and directory or DNS systems can present considerable business risk. One special class of systems where any change, authorized or not, creates a high-risk proposition is legacy systems running the Microsoft Windows NT4 operating system.

    Several of the world’s largest manufacturers still utilize a significant number of NT4 systems running everything from ERP in the datacenter to production controllers on the plant floor. These systems are supporting fragile legacy applications and are doing so with very limited computing resources. Applications include NT4-based workstations and servers in the manufacturing environment being used as human-machine interfaces (HMIs) and machine control computers. The computers run applications such as gauging, test, measurement, and fastening systems on the production floor.

    Changes to these systems, including simple operating system patches, were causing in-production outages and downtime that threatened overall plant production. Additionally, the difficult task of repairing the legacy applications further extended manufacturing downtime. And while the simple answer seemed to be “don’t patch or change these systems,” this isn’t an option given the security requirements of most IT organizations. NT4 systems on the network had many vulnerabilities and they needed to be protected. Failure to protect the NT4 systems could result in additional downtime, lost or compromised data, penalties due to regulatory non-compliance, and other costly business risks.

    Take the case of a major automotive manufacturer confronted with a daunting task: either continue patching or migrate their NT systems to a current platform. Microsoft has agreed to extend NT4 patch support for critical security vulnerabilities through 2009, but has made this support even more expensive than it was prior to the original 2006 deadline. This cost will increase non-linearly as the 2009 deadline approaches and, even if patches are available, applying them to the legacy applications is a risky proposition.

    “From a patching perspective, it became cost-prohibitive for us to maintain a secure and operational state of these platforms,” said a plant operations system engineer for the manufacturer. “We needed to eliminate our dependence on Microsoft patches, mitigate risks from zero-day threats, and gain increased control over change to our plant floor infrastructure.”

    The manufacturer chose to adopt a new approach to risk management for its critical production and plant floor systems — a “lock down” method of change control that could:

    • Categorically prevent all unauthorized code from executing;

    • Allow desired changes to the system via defined processes;

    • Record all changes to authorized code, as well as critical files and registry keys;

    • Record all attempts to make unauthorized changes;

    • Have a small footprint with no performance impact on existing applications; and

    • Require no ongoing maintenance, configuration or update.

    The automotive manufacturer determined that Solidcore and its S3 Control software was the best fit to lock down the critical NT4 systems and build a continuous service availability infrastructure. “Security is a subset of the broader business problem for us when you look at unapproved and undocumented changes that can happen to these critical production systems,” said a system engineer with the plant operations team.

    Solidcore’s S3 Control software is agent-based change control software that installs on NT4 systems. The software controls what software can change, as well as how, when, and by whom. It also determines what code can run based on authorized change control policies.

    The change control software provided the plant floor IT team with the capability to enforce what could be installed, uninstalled, upgraded, or modified on the base software image of the networked NT systems in production. According to the company, the IT team installed and set up the software quickly with low initial and ongoing operational overhead, then worked to harden the gold base image of the NT4 systems.

    The software also allowed the senior IT management team to dictate the degree of flexibility given to system engineers on the plant floor, which translated into greater control over what could be installed on the NT4 systems once in production.

    “We conducted a rigorous evaluation of technologies to find the right fit, and made sure to test our methodology and the software on a small set of servers,” said the system engineer. “With Solidcore installed, we were able to verify the protection of files, ensure a newly installed executable could not be run, ensure over-the-wire OS [operating system] functions worked as expected, and ensure memory protection was enabled.”

    From a security perspective, the software provided protection against existing and unknown zero-day threats by helping to control what code could be executed on the NT4 machines. By acting as a “concrete wrapper” around the gold base image of an NT4 system, the change control software helps ensure a server on the production floor cannot be compromised. And because any changes attempted by malicious code or unauthorized users are prevented, the reliance upon anti-virus and other security software packages is reduced. This lockdown mode helped eliminate previous emergency patching, reduced the number and frequency of patching cycles, and enabled more time for testing before patches were deployed to in-production systems.

    The runtime control element of Solidcore’s change control software also helped this manufacturer reduce the cost of operations by reducing both planned patching and unplanned recovery downtime, thereby increasing system availability across the plant.

    The company’s system engineer said the solution “allowed us to lock down the NT4 environment, but also allowed us to make policy-based changes to our critical NT systems when we needed to. It lets us patch and migrate our NT systems on our own schedule.”


    Author Information
    Bob Vieraitis is vice president of product management for Solidcore Systems, a provider of real-time change control software based in Cupertino, CA.

    For more information...

    www.solidcore.com
