NT4 Security

The very first time I put finger to keyboard on a task to write some useful code was whilst serving in the RAF back in the early nineties. Judging by the decision made by the MOD to extend the life of the RAF’s NT4 network (see article as reported in Computer Weekly here), I wouldn’t be surprised if some of that code is still being used! The reason being given for this folly is that they have to wait for delivery of the new Defence Information Infrastructure before upgrading. Who’ll wager me that this will turn out to be yet another late, over-budget delivery? (Tip: you might want to reconsider your wager when you realise that the principal contractor, forming part of the Atlas Consortium responsible for this £4 billion project, is EDS, whose most recent turn in the limelight was their incomplete Child Benefit Agency system. Read all about that fiasco here. Another contractor, Logica, also made recent headlines through their being canned by Transport for London over a failure to meet SLAs, as reported here.) In the meantime the RAF’s infrastructure is being run on an insecure, unsupported platform.

The number of excuses for still running NT4 is diminishing but, granted, some of us have no choice through circumstances, so what should we be doing to ensure that we’re doing all we can to maintain security? I would suggest, at a minimum, ensuring that effective anti-malware/firewall controls are in place and that the NT4 domain is as isolated as possible. Utilise host-based IPS and don’t give users access.

Taking into account that NT4 was released in 1996, I fall into the category of people who didn’t curse Microsoft for ending support when they did: you wouldn’t expect Ford to provide free servicing to a 1996 model if it broke down tomorrow, and given the speed the IT world moves at, I think MS did a good job of supporting it as far as they did. So, sensible, cost-effective precautions need to remain in place until you get around to trading up to something better.