Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/6/2017
10:30 AM
Kenny Covington
Kenny Covington
Commentary
50%
50%

Advice for Windows Migrations: Automate as Much as Possible

The security lessons Riverside Health System learned when moving to Windows 7 will help it quickly move to Windows 10.

The recent news that the WannaCry virus had impaired the UK's National Health Service's ability to provide care for its tens of millions of patients was scary for all of us working in IT. As a systems administrator for more than 20 years at nonprofit US healthcare provider Riverside Health System, I felt sympathetic.

When reports emerged suggesting that the vulnerability exploited by the hackers was caused by the NHS running Windows XP, I identified in a whole new way. Although Riverside migrated from Windows XP some time ago, it was a challenging process and had a steep learning curve. Riverside isn't on the scale of the NHS (we have about 9,500 machines now, mostly Windows), but all healthcare providers will face similar challenges.

Fortunately for us, and unlike many other healthcare providers, we could take solace in knowing that 90% of our environment was already protected through our normal monthly patch cycle, because we've automated that process. The remaining 10% for which we had to take special measures are those "problem children" unable to receive a patch because of their own technical faults. This is something we're hoping we can remedy as we move to Windows 10.

Riverside completed its Windows 7 migration a couple of years ago. However, if there's a lesson in last month's unfortunate events, it's that none of us should rest on our laurels. The more up-to-date your software, patches, and operating system are, the better. WannaCry is a loud wake-up call reminding us that we all need to stay current. As a result, we're planning to accelerate our move to Windows 10.

Key Lesson
When we started our Windows 7 migration, we did it the old-fashioned, manual way, running a master image (also known as a golden image) for Windows 7 that we provided to our techs. It was a very hands-on approach — each tech had time to build one, maybe two per day, if he or she was lucky — and we had about 4,800 devices to update. We had tons of different makes and models of hardware that hadn't been standardized. It quickly became clear to managers that they were going to have to hire more than $600,000 worth of labor to come in and do the process if we wanted it done within two to three years.

Check out the all-star panels at the 'Understanding Cyber Attackers & Cyber Threats' event June 21 and get an in-depth look at your cyber adversaries. Click here to register. 

The other option was automation. We thought we could leverage Microsoft's Configuration Manager, but it would not allow us to propagate such a large image across the T1 network. Then we decided to research third-party vendors that offer automation. In the end, we went with 1E, whose peer-to-peer technology suited our needs. Automation proved key for ensuring that machines could be migrated quickly but consistently to Windows 7: each individual machine has a lot of unique data on it, so it was great to use the migration tools, back up the data on a local machine on the subnet, capture everything, and then restore it cleanly. In the end, 1E's tools helped us compress our Windows 7 upgrade from the two to three years we expected down to one year.

The Road to Windows 10
As we ready ourselves for Windows 10, we face a similarly challenging environment: lots of unique data on the machine, the question of where and how you store it, and how you get these packages across the network quickly. We still have our automation infrastructure in place to deal with these problems. But there are other lessons we're looking to carry over, too, as well as some new challenges we will face.

One difference with Windows 10 concerns its high-speed release cadence. As the WannaCry attack reminds us, from a security point of view, you want to not only be using the latest OS but the latest version of it, and patched as much as possible. In addition, we're planning to migrate swiftly, to avoid having several different flavors of Windows 10 at the same time. Automation will help.

Another challenge for us is that we're looking to go to a 64-bit operating system across the board. With the last migration, to simplify the migration process we stayed with the same OS processor architecture type on each device for compatibility reasons. If the PC was a 64-bit XP machine, then it got 64-bit Windows 7, and if it had a 32-bit system, it got 32-bit Windows 7. We've had vendor applications that absolutely will not run in one version or another. Without an operating systems deployment migration process that allows us to quickly rebuild those machines, that, too, would be a very big undertaking.

We begin our Windows 10 migration very soon. Despite all the challenges and changes,  although consultants told us Windows migrations typically take several years, we believe we can do it in one (or even faster) with automation. Accelerating the move not only improves our security posture but also helps us continue to give our end users and medical professionals a consistent experience — something they've come to value from our IT team.

Related Content:

Kenny Covington, System Administrator for Riverside Health System, based in Newport News, Virginia, has been a member of the information system staff for over 21 years. He originally was hired as a PC technician at age 16 and has been involved with the endpoint side of the IT ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Alicialynch
50%
50%
Alicialynch,
User Rank: Apprentice
6/7/2017 | 7:32:10 PM
Other migration tools
There are a number of alternatives to crappy free tools. Ive worked for places that used the free tool from MS, which was a disaster. Ive heard good reports from other techs about the tool from Tranxition. Heat software also has one as part of their DSM tool..
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff 2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18238
PUBLISHED: 2020-02-26
Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik 2500 series firmware, Version 3.0 or lower IOxpress configuration utility, Version 2.3.0 or lower. Sensitive information is stored in configuration files without encryption, which may allow an attacker to a...
CVE-2019-17274
PUBLISHED: 2020-02-26
NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.
CVE-2019-17275
PUBLISHED: 2020-02-26
OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.
CVE-2020-3169
PUBLISHED: 2020-02-26
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a spe...
CVE-2020-3170
PUBLISHED: 2020-02-26
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could expl...