Viewable by the world

Background

Beginning September 2, 2014, Windows XP and Windows 2000 computers are not allowed on the Lab network.  Computers identified as Windows XP/2000 will be immediately blocked from network access.

Microsoft's support for Windows XP ended April 2014 and support for Windows 2000 ended in July 2010.  Neither of these operating systems can be secured, since Microsoft provides no updates. Computers running Windows XP and Windows 2000 are increasingly vulnerable to online threats such as viruses and hackers. 

Options

How to upgrade

You have two options to upgrade your current computer: Windows 7 or Windows 8. Make sure your computer meets the hardware requirements for Windows 7 or Windows 8 and acquire it from software.lbl.gov for $139.  You can perform the upgrade yourself or contact the IT helpdesk at help.lbl.gov or x4357 to get assistance with the upgrade.  The helpdesk can advise if there will be a charge for assistance, based on how your division gets its computer support.

I need a new computer

Another option is a fresh start, new hardware with a new OS. If you wish to replace your computer, contact the IT helpdesk. Maybe this is your nudge to a Mac, Linux, or ChromeOS computer?  Macs have become a popular replacement to Windows. Linux Mint and Ubuntu provide familiar desktop experiences for Windows users at no cost.  

Request temporary exceptions (closed)

You have an expensive spectrometer or microscope with embedded Windows XP or software that only runs on Windows XP.   If your case sounds like this, you can file for a temporary exception.  We expect to make minimal exceptions for extraordinary circumstances and no exceptions for general purpose workstations or laptops. Exceptions will be based on impact to the Laboratory mission (e.g. major scientific or business disruption).  Exceptions have the following requirements:

    • Will be blocked from Internet access on Sept 2, 2014.
    • Only allowed for static IP addresses, request a static IP here before requesting an exception.
    • Will be required to implement additional compensating controls to further limit access going forward.

You can request a temporary exception here.  (The exception process is now closed, please contact [email protected] for questions)

Important: Exceptions are subject to change.  A new critical vulnerability discovered in Windows XP may lead to cyber security immediately blocking all Windows XP, regardless of the exception status or work being done on the device, to protect the Lab.  You should prioritize moving off of Windows XP.  

FAQ 

  1. When will LBNL block Windows XP/2000 computers without an exception?

    September 2, 2014 
     
  2. How will LBNL block Window XP/2000 computers without an exception?

    On Sept 2, Cyber Security will take the following actions:
    • DHCP computers will be isolated, preventing all network access.
    • Static IP address computers will be blocked from Internet access (border blocked).  On-site access will still be allowed.
    • Access for DHCP and Static IP can be temporarily restored (until Oct. 1) by contacting the IT help desk. 

    On Oct 1, Cyber Security will further secure XP machines with the following actions: 
    • DHCP computers will be denied boot, preventing all network access.  
    • Static IP address computers will be blocked from all network access (null routed). 
    • Access cannot be restored.

  3. Where can I see the list of approved exceptions?

    The list of approved exceptions is published here.  This page is only accessible to Lab employees, you will have to authenticate to commons (look in the lower right of this page to authenticate) in order to view the exceptions list.  
     
  4. What about wireless?

    All of the details and plans above apply to the wireless network as well, however, static IP addresses are not available on wireless.  If you need a temporary exception make sure your XP machine is on the wired network and has a static IP address assigned.
     
  5. How does LBNL know if a computer is Windows XP/2000?

    We have several techniques in place to track which computers are running Windows XP or Windows 2000.   This data will be used to remove all Windows XP/2000 computer from the network on September 2, 2014. 
     




  • No labels