We have an unusual request from a user. A user has a very expensive piece of laboratory equipment. The supplier of the instrument states that the software that controls the instrument cannot have updates or antivirus as it will interfere with communication. It is a one of a kind instrument and they state if those conditions are not met they will not support the device.
To make matters worse the user needs the foreign company to have remote access to the system to work on it as needed. Normally this would be a no, but this is a pretty important machine.
Obviously this seems like a network security nightmare, but I can't think of a reason why it's a network security nightmare. Here are the details.
Note 3 - An unpatched Windows XP system with no antivirus and 2 network cards. The 1st NIC has a private IP that goes to the lab instrumentation and the 2nd NIC has another private IP that talks to a fully patched and secured Windows 10 system.
Note 2 - A fully patched, corporately approved Windows 10 system with 2 network cards. The 1st NIC goes to the corporate network and the 2nd NIC has a private IP that talks to the Windows XP system. Essentially this is a jump box.
Note 1 - Outside company that needs remote access to the Windows XP machine. The company will remote into the fully secured Windows 10 machine. From there they will remote on the private side to the Windows XP machine.
In theory this sounds OK, but I am still uneasy with it. There are some pretty smart people on here, so I am asking: how can this be exploited? Is there something I'm overlooking here?
Please focus on the tech, as I have no control over the political side.
One more note. In the picture below the instrumentation (4) should be going to the switch, but you see my point. Also, the switch could be replaced with a firewall to only allow 3389 from system 2 -> system 3.
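The "firewall instead of a switch" idea from the post, expressed as Windows Firewall rules on the Windows 10 jump box (system 2) so its lab-side NIC carries only RDP toward the XP host (system 3) and accepts nothing back. This is an added example, not from the original post; the interface alias, the XP host address, the vendor address and the English display group name 'Remote Desktop' are assumptions.

```powershell
# Added example, not from the original post: Windows Firewall rules on the
# Windows 10 jump box (system 2) so that its lab-side NIC carries only RDP
# toward the XP host (system 3) and accepts nothing initiated by the XP side.
# The interface alias and all addresses below are constructed placeholders.
$LabNic   = 'Ethernet 2'        # assumption: alias of the NIC facing the XP host
$XpHost   = '192.168.50.10'     # constructed: private IP of the XP host
$VendorIp = '203.0.113.25'      # constructed: vendor's fixed source/VPN address

# Classify the lab link as Public so that profile governs it, then make the
# Public profile deny outbound as well as inbound traffic by default.
Set-NetConnectionProfile -InterfaceAlias $LabNic -NetworkCategory Public
Set-NetFirewallProfile -Profile Public -DefaultInboundAction Block -DefaultOutboundAction Block

# Lab NIC: the only permitted outbound flow is TCP 3389 to the XP host.
New-NetFirewallRule -DisplayName 'Jump: RDP out to XP host only' `
    -Direction Outbound -Profile Public -InterfaceAlias $LabNic `
    -Protocol TCP -RemotePort 3389 -RemoteAddress $XpHost -Action Allow

# Lab NIC: nothing initiated from the XP side may reach the jump box.
# Block rules take precedence over allow rules, so this also overrides any
# built-in allow rule (such as Remote Desktop) that would otherwise match.
New-NetFirewallRule -DisplayName 'Jump: block inbound from lab' `
    -Direction Inbound -InterfaceAlias $LabNic -Action Block

# Corporate NIC: scope the built-in Remote Desktop rules to the vendor's
# address so RDP into the jump box is accepted only from that source.
# (assumption: English display group name 'Remote Desktop')
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $VendorIp

# Review the rules this script created.
Get-NetFirewallRule -DisplayName 'Jump:*' |
    Format-Table DisplayName, Direction, Action, Enabled -AutoSize
```

Run from an elevated PowerShell session; note that the Public-profile default-deny also applies to any other interface Windows classifies as Public, and that the rules only restrict the jump box itself, not the XP host.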