Windows 10 in Secure Environment

rkicklighter

Honorable
Aug 2, 2013
14
0
10,510
I have a request from a customer to upgrade their Servers and Workstations; for the workstations they have requested Windows 10 (Pro or Enterprise) if possible.

This is in a highly secured environment where any new PC or Server is set up and tested offsite. Software loaded, current updates performed, etc.

Once the PC or Server goes through the doors of this facility it cannot ever leave (old ones are shredded onsite), and it cannot ever be connected to the outside world again, period. They are 100% fully air gapped to their own internal network.

Any and all updates for OS or any other software must be taken in via special encrypted flash drive they supply or on DVD. Anything going in is fully scanned by them before it goes into the facility.

My question is how will Windows 10 behave in this environment?

I have only played with Win10 on a virtual machine since most of the software I use won't run on it yet but I have heard horror stories on how it constantly wants to "phone home".

Anyone have experience, knowledge or comments on this?

Thanks!
 
Solution

warhead0

Distinguished
Hard to say exactly, since we don't know the exact set-up.

I would be willing to bet that the owner is well aware of how to set up group policies and disable all automatic updating, but in some ways disabling automatic updates is a security risk of its own.

I'm going to say Windows 10 will be fine in this environment, maybe a little bit of background tweaking to be more compatible with your way of updating, but it can be done.
 

USAFRet

Titan
Moderator

rkicklighter



Thanks, I have already seen this and it is what's pushing my part, as this is in fact USAF and other MIL facilities. The difference is the usual MIL computers are all connected to the MIL network and managed by their IT departments. Mine is on the CCN or Critical Controls Networks that is not and cannot be connected to MIL (think STUXNET). It has to be standalone, which makes it even more of a PITA. Without saying too much, the CCN is for facilities and system control. The PCs and servers are for human machine interface graphics.

 

USAFRet



Right. I just posted that as a direction to get you started.
What have other people in the CCN world done? Surely you aren't the first to look into Win 10.
 

rkicklighter



Unfortunately, yes, I am the guinea pig and so is this first facility! Me and them are the usual ones who get to "work the bugs out" before deployment elsewhere. Our company makes the HMI and controller software many US military installations use. The software isn't even ready for Win10 yet! Development tells me end of 1st quarter, but in usual fashion the site wants dollar values as soon as possible.

 

USAFRet

Bottom line: it can't phone home if there is no actual connection. It can try all it wants to, but no matter how much it wants to, it can't.

Enterprise and GPO, you can turn off whatever you need. Specific settings will just have to take a lot of investigation.
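
Added example, not part of the thread or any poster's own script: a PowerShell audit that can be run on a staged workstation before it enters the facility, confirming that the Group Policy settings for telemetry, automatic updating and connectivity probing have actually landed in the registry. The four settings and their target values are a starting baseline assumed for this example; the site's own baseline would replace them.

```powershell
# Audit machine policy values that control outbound "phone home" behaviour.
# The baseline below is an assumption made for this example, not a complete hardening list.
$baseline = @(
    # Diagnostic data level; 0 (Security) is only honoured on Enterprise/Education editions.
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
       Name = 'AllowTelemetry'; Want = 0 },
    # Automatic Updates disabled; patches arrive on scanned media instead.
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
       Name = 'NoAutoUpdate'; Want = 1 },
    # Never contact the public Windows Update service.
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
       Name = 'DoNotConnectToWindowsUpdateInternetLocations'; Want = 1 },
    # Disable the active Internet connectivity probe (NCSI).
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator'
       Name = 'NoActiveProbe'; Want = 1 }
)

$report = @(foreach ($item in $baseline) {
    $actual = $null
    try {
        # Throws if the key or the value is missing, i.e. the policy was never applied.
        $actual = Get-ItemPropertyValue -Path $item.Path -Name $item.Name -ErrorAction Stop
    } catch {
        $actual = $null
    }

    [pscustomobject]@{
        Setting   = $item.Name
        Expected  = $item.Want
        Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
        Compliant = ($null -ne $actual) -and ($actual -eq $item.Want)
    }
})

$report | Format-Table -AutoSize

# Non-zero exit code lets an imaging or acceptance script stop on any gap.
if ($report.Compliant -contains $false) { exit 1 }
```

A missing value is reported as non-compliant rather than skipped, because an unset policy means Windows falls back to its default behaviour.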