09 Jul, 2022

"Windows 2000" for JR signage, is this a security risk?

Solve business issues by integrating IT and management

What is Business + IT?

Newsletter Registration

What is Business + IT?

Sales Strategy

Cost Reduction

Organizational Reform

Production and Manufacturing

Crisis Management

Compliance

Energy-saving/environmental response

By industry/scale

Core system

Information system

Operation management< /li>

Security

Network

Mobile

Hardware

Development

Related genres

"Windows 2000" on JR's signage, is this a security risk?

On October 10, 2021, the "Windows 2000 startup screen" displayed on the signage inside the JR station, which was restarted due to trouble, was spread on SNS. This is the sort of thing that is often posted when signage or kiosk terminal errors or failures occur, but the comments were split between the opinion that "use of old Windows is a security risk" and the opinion that "no, it's an intranet, so there's no problem. Rather, it's safe." which one is correct?

Freelance Writer Shinji Nakao

Freelance writer and editor. From editing ASCII books, through O'Reilly Japan, she handles translation, writing, interviews, etc. regardless of whether it is paper or the web. Mostly IT-related, but occasionally writes for automobile-related media. I've been using the Internet (I didn't say that) since UUCP.

Windows 2000 installed in business systems since before IoT
The question "Is such an OS okay?"
There is no problem because it is a closed network Counterargument
The more secure the system, the more vulnerable it is to internal attacks
Exploring where risk and availability fall off

From before IoT to business systems Equipped with Windows 2000

On October 10, 2021, the Yamanote Line and Keihin-Tohoku Line stopped operating due to a substation fire. At this time, it became a hot topic on SNS etc. that the operation information signage in the JR station premises was the Windows 2000 startup screen. As the name suggests, Windows 2000 was intended to be a new OS in the 2000s. As a genealogy, it follows the flow of Windows NT, which strengthened server applications and multi-users, from the Windows OS (1.0 to 3.x) developed by Microsoft. Windows NT is an OS developed by OS/2 developers with whom IBM was deeply involved. It is also the OS that created the trend of Windows being differentiated into PC OS and server OS. From that NT, in addition to task management, process management, access control functions such as user + device, Windows 2000, which has enhanced network functions as a server OS, has an embedded version. By making it easy to connect to the Internet and IP networks, it was often used in high-performance devices such as POS systems, business equipment, ticket vending machines, convenience store terminals, and signage (public screens) even before the word IoT was coined. By the way, until then, Microsoft had implemented its own LAN protocols and networks in its own OS, and even TCP/IP-compliant applications implemented RFCs with peculiarities.

The question ``Is such an OS okay?''

On October 10, 2021, the signage in the JR station, which had to be restarted due to trouble at the substation, was one such application. deaf. In the past, there have been cases where the screens of ATM terminals and ticket vending machines that have become blue screens due to sudden failures have been uploaded to SNS. Because it happened by chance, it was spread as a social media story rather than a problem, but this time, trains stopped and power outages occurred in the surrounding area. It became clear, and voices were raised saying, "Is security okay?" It is now well known that vulnerabilities in IoT devices and how to deal with them pose a security problem. IoT devices and systems that are not PCs are outside the scope of endpoint security such as anti-virus software, and security updates and patch support are difficult. It is not wrong to point out that ``the use of an old OS whose support has stopped is inappropriate as a transportation infrastructure system.'' Opinions that worry about the situation are reasonable.

An objection that there is no problem because it is a closed network

However, there are also counterarguments to this. It is argued that the information signage that has been pointed out as a problem is not dangerous because it uses JR's internal network. Vulnerabilities may remain in the OS itself, but since it is not connected to the Internet in the first place, there is no intrusion or hacking from the outside. Dedicated devices such as embedded devices are often maintenance-free and operated for a long period of time. It is more rational to give priority to system stability with dead technology. It is not uncommon for control systems and embedded systems to have systems that run on obsolete OSs and programs that are more than 10 years old. "This is also a reasonable opinion." Web cameras, Wi-Fi routers, multi-function devices, etc. are vulnerable because they are connected to the Internet. Internet-connected systems can use crawling or databases like Shodan. Attackers can remotely discover compromised devices around the world. In recent years, the mainstream of botnets is shifting from unpatched ordinary PCs to IoT devices other than PCs. I can say that. "Then which claim is correct?" [Next page] Stronger systems are more vulnerable to internal attacks

Seminars on security strategy

Security Strategy Genre Topics

To list

Security Strategy Genre IT introduction support information

To list

SB Creative Co., Ltd.

Business + IT is operated by SB Creative Corp. of the SoftBank Group.

By registering as a business+IT member, you can subscribe to members-only content and e-mail newsletters, and be invited to special seminars!

Prev Next