Risk Mitigation for Legacy Windows NT 4.0 Systems
by William Lynch - Manager with CTG’s Information Security Services Practice - Wednesday, 3 January 2007.
Finally, a more robust isolation solution might entail moving the Windows NT 4.0 systems to an isolated subnet and using a Citrix front-end to control user interaction with the NT 4.0 systems. Assuming that your users currently use a front-end local application to interact with the NT 4.0 back-end systems, you would simply move the front-end application to a Citrix server in front of the isolated Windows NT 4.0 systems and eliminate any direct access to the Windows NT 4.0 isolated network.

Virtualization

Depending on the application in use on the legacy Windows NT 4.0 system, virtualization could be a good choice for replacement. Using VMWare, you could schedule systematic snapshots, which could allow for a quick recovery in the event of compromise. An added benefit here would also be that you’re no longer dependant on the aging hardware which may also be no longer supported by the hardware vendor. However, without isolation, either through the VM product or otherwise, your legacy systems could still be used as attack platforms for attacking the rest of your network.

If your legacy system contains only static data, then one extremely low-cost and secure solution would be to roll the Windows NT 4.0 system into a non-networked VM that is accessed locally using the freely available VMWare Player software. If networking is disabled then any network security problems associated with Windows NT 4.0 are all but eliminated.

Summary

Continuing to run unsupported legacy operating systems such as Windows NT 4.0 can be a serious risk to organizational security and compliance. Since they receive no security patches, these systems are vulnerable to many potential exploits and worms. However, in this article we looked at several low-cost ways to mitigate the risk though replacement, isolation, and virtualization.

Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //