Outdated Computers and Operating Systems
Cyber Security has established Minimum Security Requirements for connecting to the Berkeley Lab network. We understand that there are computers running older operating systems, including computers controlling specialized scientific instruments, that may no longer be supported the manufacturer or software vendor. Older hardware may also not support the latest operating systems or software applications. While Cyber Security maintains the right to block or isolate a machine due to outdated patches or applications, we provide the following tips for cases where outdated hardware or OSs cannot be easily upgraded. Please consider that IT has resources to help provide low cost but updated machines in cases where the hardware or OS is no longer being maintained.
- Disable Java, Flash and other 3rd party plugins
Disabling web browser plugins helps reduce one of the most common vectors of attack against an older system. Many older operating systems cannot run the latest versions of these plugins and will be blocked by Cyber Security. The following page describing some of the tools for checking plugin versions and keeping them updated:
Web Browser Plugin Security
You can get assistance from the IT help desk or your IT support contact for disabling plugins which can no longer be updated. The repercussions of disabling Java vary widely. Some people use web applications that require Java, so disabling it may render these applications inoperable. Others will find that disabling Java doesn't affect their daily work and may allow them to continue to use an older machine with much less risk of compromise.
- Instructions to disable Java on many browser and platforms are here
- Detailed OSX specific instructions are here
- Use a firewall to protect the outdated system
Many older operating systems don't have host firewalls available, potentially leaving them open to attacks from the LBL network or the internet at large. Using a hardware firewall can help protect an older system. Contact your IT support staff for more information on obtaining an appropriate firewall device.
- Disconnect from the network
While this suggestion may seem implausible, there are machines which serve a particular function, like controlling a piece of equipment, but don't need access to the network. Removing the network access removes the risk of network attacks and allows the continued operation of older computers to serve a dedicated purpose.
- Don't use the computer to browse the internet
If disconnection from the internet isn't possible (for instance if data still needs to be copied from an older machine), we strongly advise against using a web browser for daily internet work on a machine running an outdated operating system or software. Please consider upgrading the machine to protect your own data as well as the security of other lab computers.