1
muslimporn 1 point ago +1 / -0

Keeping it patched is useless if you want to keep out anything more than script kiddies.

IT workstation or personal computer security policy is very different in certain ways to that for other circumstances and this is one of them.

Patching ritually can introduce problems when your situation is particularly sensitive so you don't just do things in the traditional ticking checkboxes approach or just doing the things that are well known to do but people don't really understand.

However, removing or otherwise disabling anything that's not needed is universally applicable. You would turn off virtually all network services except perhaps basic DHCP, etc.

The biggest problem for things like SMB is that they have a long history of having things like remote execution exploits. It's also a black box and a hard service to trust as it's often more lumbering than you need.

Signing is for local network security which is another problem. Actually it can be quite a big problem if someone is able to plug in something that detects the voting machine then tries to rival its shares and manages to do either MIM or just manufacture the data in the same format.

It's worse if they can alter the master record because you can't just go back then and check again so easily.

2
MakeAmericaLegendary 2 points ago +2 / -0

I'm going to have to disagree with the first statement—Windows is so full of holes that you're in trouble if you're connected to the internet without your security patches (or at least deploying some sort of mitigation for the vulnerability). My comment was specifically for securing SMB shares, but yes, there's a lot you need to do in order to properly secure Windows, which is why it's dangerous to put our voting infrastructure on that platform and connect it to a network.

I'm less concerned with remote code execution in SMB (although this thing probably hasn't been updated in a while) and more concerned with user enumeration, anonymous shares, etc. And if an attacker happens to know the password for a user on the box and SMB is open, it's pwned. It also needs to only allow SMBv3. SMB signing isn't signing the data—it's a security technique that prevents SMB relay attacks, which is important if these machines are connected to a network that's going to be accessing the shares.

Another thing that'll probably make you sick is that these machines have autorun enabled. So it would only take a flash drive with a malicious executable to compromise the entire thing. Yeah, there are security covers for the USB ports, but that shouldn't even be a question.
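
A read-only audit of the settings named in the comment above (SMBv1, signing, SMB3-only access, anonymous enumeration, autorun), added here as an example and not part of the comment or of any vendor tooling. The helper names `Add-Finding` and `Get-RegValue` and the pass criteria are assumptions of this example; a missing registry value is reported as a failure so the OS default gets reviewed by hand.

```powershell
# Read-only check of SMB server and autorun hardening. Changes nothing.
# Run from an elevated PowerShell session (Windows 8 / Server 2012 or later).
$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding {
    param([string]$Check, $Actual, $Expected)
    # Compare as strings so $null (value absent) never matches an expected value.
    $findings.Add([pscustomobject]@{
        Check    = $Check
        Actual   = $Actual
        Expected = $Expected
        Pass     = ("$Actual" -eq "$Expected")
    })
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# SMB server: no SMBv1, signing required (blocks relay), SMB3 encryption enforced.
$smb = Get-SmbServerConfiguration
Add-Finding 'SMBv1 disabled'                    $smb.EnableSMB1Protocol       $false
Add-Finding 'SMB signing required'              $smb.RequireSecuritySignature $true
Add-Finding 'SMB3 encryption enabled'           $smb.EncryptData              $true
# With encryption on, rejecting unencrypted access shuts out pre-SMB3 clients.
Add-Finding 'Unencrypted clients rejected'      $smb.RejectUnencryptedAccess  $true
Add-Finding 'No null-session shares'            (@($smb.NullSessionShares) -join ',') ''

# Anonymous user and share enumeration.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
Add-Finding 'Anonymous SAM enumeration blocked' (Get-RegValue $lsa 'RestrictAnonymousSAM')      1
Add-Finding 'Anonymous share enum blocked'      (Get-RegValue $lsa 'RestrictAnonymous')         1
Add-Finding 'Everyone excludes Anonymous'       (Get-RegValue $lsa 'EveryoneIncludesAnonymous') 0

# Autorun: 255 (0xFF) disables it for every drive type, including USB media.
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
Add-Finding 'Autorun disabled on all drives'    (Get-RegValue $explorer 'NoDriveTypeAutoRun')   255

$findings | Format-Table -AutoSize
```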

1
muslimporn 1 point ago +1 / -0

When security is critical you normally block all network. Everything is allow deny.

The only holes are the ones you make. Though in the worst case your firewall can be vulnerable as well. I tend to have systems that there's no network possible except VPN out and then everything else rides over that.

There's no such thing as perfect security though unless you can attend the machine at all times and not have any of your kids kidnapped and held hostage for you to use your access. Two man systems become ridiculous though a bipartisan system like that, pair ballot counting or two people lifting a weight only two can lift as the key so to speak might not be a bad idea for some insane literally biparty system. There are also one party two party systems you can make where the use of a blindfold makes it hard for them to cheat because they won't cheat in concert and it won't match.

Autorun should definitely not be left on. That kind of lack of being thorough on its own isn't the sickening thing. It's that you know if they didn't do stuff like that then there's probably a lot of other things they didn't do either.

Poorly set up SMB could easily be trivially exploited by anyone who can access the network and especially anyone who has control over the network. Though it's easier to exploit, it should be easier to detect as well if they put in proper measures. You should at least be able to take a read out on the screen that can confirm what you have on file even if it's just a summary of the critical overalls.