General discussion


Maintain secure legacy systems

By debate ·
What legacy systems does your organization still use? What steps does your organization take to ensure these systems operate securely? Share your comments about safely supporting legacy systems, as discussed in the May 3 Internet Security Focus e-newsletter.

If you haven't subscribed to our free Internet Security Focus e-newsletter, sign up today!

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

legacy vs. insecure

by shiny_topadm In reply to Maintain secure legacy sy ...

First, the phrase "legacy system" (which sounds like a negative) bugs me, as our main business-critical applications are not running on any flavor of Windows and are not on our PC network. The bulk of the code was written more than 4 years ago, so if that's the definition of legacy, so be it. We have an IBM RS/6000 server running AIX. Security?, well for starters, it's not connected to the internet or to the part of our network that is. It runs no web-enabled apps and only has local (internal) messaging capability (by our choice). I don't allow anonymous logins or anonymous ftp. We connect to one remote site via a point-to-point frame-relay circuit, not any part of the PSTN "cloud". We use logging and auditing, and I read the logs. If a user needs to connect and communicate to the outside world, they use their PC and the internet. If they need to work on our system, they use the terminal I provided. That's how I kep our organization's critical data and applications secure.

Collapse -

It's now Microsoft's VirtualPC...

by rdsmith In reply to Maintain secure legacy sy ...

Microsoft bought out Connectix last year. Microsoft has
updated VirtualPC for Mac OS X once since then and has
produced a new version, VirtualPC 2004 for Windows.

I used the Connectix version for Windows and VMware. If you
running a MS OS then VirtualPC is OK, if you need to run a *nix
or BSD then you will need VMWare.

Collapse -

True legacy systems

by VAXenGuy In reply to Maintain secure legacy sy ...

A "true" legacy system, to me, is a non-Windows, non-PC-orientated system. Such as a DEC/Compaq/HP VMS system, running on VAX or Alpha hardware. Or an IBM mainframe (360/370/3090/390) using JES2, JES3, or whatever's current. These are legacy systems. The security on a VMS system can be heavy or light, but the "penetration factor" by hackers is quite low. Why?
It doesn't run their favorite targets---Microsoft software. No Outlook, No IE, No Office. Just a nice,
(relatively) simple, 30-yr old operating system.

The last Alpha system(s) I was using were spread out in 6 different cities, used by more than 15,000 users, accessed by various Windows-based PC's using a couple of non-Microsoft terminal emulation programs.

I never heard of any successful penetrations to these systems.

Collapse -

There's a reason we can't get rid of them...

by mhsemcheski In reply to Maintain secure legacy sy ...

And that reason is ISA. In my organization, we have lots of first generation Pentium's running Win 95. They are slow, a pain to administer, detached from the rest of the network out of necessity.

There's nothing we'd like more than to get rid of the dinosaurs, but we have to keep them because they host various ISA boards that are essential to our operations. For instance, we use one system to plot points on the stage of a microscope. It has an ISA interface card. Its not easy to find new hardware that supports ISA, so when one of these things goes (and they will go) we are kind of stuck.

It would be great to buy a beefy Athlon 64 and let it run all of these things as virtual machines, but due to ISA its out of the question.

The other thing we use DOS systems for are real time tasks. Can't run a real time system on a virtual machine, of course. I know there are other RTOS out there, but we have a very significant investment in DOS applications (I didn't believe it before I got here).

Back to Security Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums