In today's connected world the threat of cyber-attacks is a concern for major corporations and SMEs alike. Due to the hyper-sensitive nature of its data, the medical industry is one of the most targeted areas for online attacks, meaning robust online security measures are not only advisable, they are critical.
Using modern operating systems which are kept completely updated is key in the fight against online crime. One of the most common approaches for cyber attackers is not only to find new weaknesses in operating system software, but also to exploit software whose known weaknesses have not yet been patched by updates. Once a virus or breach has been reported, software developers create a patch to secure it and roll it out in the form of software updates. Hackers will often "reverse engineer" this update to learn what vulnerability it is securing, then design a virus which targets users who have not yet updated their software.
To limit these vulnerabilities between updates, Windows 10 IoT Enterprise LTSB has key advantages in customisation as well as lock-down features which prevent unauthorised system configuration changes taking place.
Disabling feature updates
If feature updates are left enabled and the device has an internet connection, the operating system can automatically update to the next released distribution version without notice, which could cause application issues as well as system outages. The ability to disable Windows 10 feature updates is key to the reliability of embedded systems, as this allows the operating system to be deployed at a known working and fully tested point.
Unified write filter (UWF)
A unified write filter can be utilised to protect the disk volume. It intercepts all writes made to the protected disk and redirects them to a virtual overlay. Here, the data is stored or allowed to write through to the protected volume (depending on your configuration), which improves the reliability and stability of your embedded device and helps to:
- Increase the disk life by reducing the read/write cycles to the protected volume.
- Protect against disk corruption in the case of power outages, as the only data that can be damaged is in the overlay and this is refreshed from the protected volume when the device is rebooted.
- Protect against unauthorized application installs or system changes as the system is always booted from a known state / configuration.
Secure Boot
Secure Boot can be utilised to protect the device during boot time. It is the first policy enforcement point, stopping unauthorised code / scripts from being executed during the boot phase. It restricts the system to only allow execution of binaries signed by a specified authority, which prevents unknown code from being executed on the platform and potentially weakening the security of the device.
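As an added illustration (not part of the original article or any vendor tooling), the following PowerShell check reports whether a deployed device still has the write filter and Secure Boot in the state described above. It assumes an elevated session, that the UWF feature is installed, and that the protected volume is C:.

```powershell
# Added example: report drift from the locked-down baseline (UWF on, volume protected, Secure Boot on).
# Assumptions: elevated PowerShell session; protected volume is C: (change $SystemDrive if not).
$SystemDrive  = 'C:'
$UwfNamespace = 'root\standardcimv2\embedded'   # WMI namespace of the UWF provider
$findings     = @()

try {
    # The filter must be active now AND remain active after the next reboot.
    $filter = Get-CimInstance -Namespace $UwfNamespace -ClassName UWF_Filter -ErrorAction Stop
    if (-not $filter.CurrentEnabled) { $findings += 'UWF filter is not enabled in the current session' }
    if (-not $filter.NextEnabled)    { $findings += 'UWF filter is set to be disabled after the next reboot' }

    # UWF_Volume has one instance per session; CurrentSession = $true is the running state.
    $volume = Get-CimInstance -Namespace $UwfNamespace -ClassName UWF_Volume -ErrorAction Stop |
        Where-Object { $_.CurrentSession -and $_.DriveLetter -eq $SystemDrive } |
        Select-Object -First 1
    if (-not $volume -or -not $volume.Protected) {
        $findings += "Volume $SystemDrive is not protected by UWF; writes reach the disk directly"
    }
}
catch {
    $findings += "UWF provider not reachable (feature not installed?): $($_.Exception.Message)"
}

try {
    # Returns $true/$false on UEFI systems; throws on legacy BIOS or when not elevated.
    if (-not (Confirm-SecureBootUEFI -ErrorAction Stop)) {
        $findings += 'Secure Boot is supported by the firmware but is disabled'
    }
}
catch {
    $findings += "Secure Boot state unavailable (legacy BIOS or not elevated): $($_.Exception.Message)"
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: UWF is enabled, the volume is protected and Secure Boot is on'
    exit 0
}
$findings | ForEach-Object { Write-Output "DRIFT: $_" }
exit 1
```

The non-zero exit code lets a monitoring agent or scheduled task flag a device that has been taken out of its locked-down state, for example one left with the filter disabled after servicing.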