Maintaining the PNA in a Secured Environment (Incl. ECal Modules)

 

Overview

In many cases it is imperative that the PNA be used in a secured environment. Generally these secured environments will not allow any test equipment to leave the area unless it can be proven that all devices capable of maintaining memory have been thoroughly erased. This, in conjunction with the Windows operating system, presents some difficulties when the PNA must be transported to a non-secure environment such as a repair/calibration facility. This document describes the types of memory used in the PNA and describes a method to maintain security under these conditions. Please note that much of this information is dependent upon the CPU board used in your PNA.
For purposes of this document, these are divided into

  • 266MHz CPU
  • 500MHz CPU
  • 1.1GHz CPU
  • 1.6GHz CPU
  • 2.0GHz Core Duo CPU
  • 2.0GHz i7 CPU
  • 1.87GHz Celeron CPU
  • 2.2GHz CPU
Look here to determine your CPU type. All PNAs shipped from about March 2002 to about April 2006 had the 500MHz CPU board. Since then, all older-style PNAs (the ones with the 8.4-inch display) had the 1.1GHz CPU. The PNA-X family (N524xA and N5264A) shipped with 1.6 GHz CPU board up until about Sept 2009 when they switched to a 2.0GHz Core Duo CPU board. Starting in late 2011 a 2.0 GHz i7 processor was used. The new PNA-L family (N5231A-N5239A) uses a 1.87GHz Celeron CPU. Starting in early 2016, all CPUs switched over to a 2.2GHz version. These 5 newer CPUs are all easily removable and are somewhat similar. All except the 1.6GHz CPU have easily removeable hard drives. The 1.6GHz model has the HDD enclosed within the CPU assembly. The N522xA family originally shipped with the 2 GHz i7 processor; the N5231A-N5239A originally shipped with the 1.87GHz CPU.

Note: The terms PNA, PNA-L and PNA-X all refer to the overall PNA family. The PNA-L and PNA-X refer to specific models, but for the purposes of this document, all are part of the PNA family. Some features only refer to the newer PNA models and those are denoted by the term NEWER. These are the units with the larger 10.4-inch display or the even newer 12.1-inch displays (on the B models). This document applies to the entire PNA family of analyzers including, but not limited to, all model variations of E835xA, E880xA, N338xA, E836xA/B/C, N522xA/B, N5230A/C, N5231A/B-N5239A/B, N524xA/B, and N526xA/B.

Note: There are several references to floppy disks below. Only the oldest PNAs have a floppy drive. For backup purposes use a USB pen drive instead.

Battery Information

There are no batteries in the PNA other than the one used to power the clock chip on the CPU board. This is a typical button-type Lithium battery; #2335 for older PNAs (266 or 500MHz), or #2032 for newer PNAs.

Types of Memory

The PNA has several types of memory.

  • All PNAs have from 64MB to 8GB of SDRAM in one or two SODIMMs or DIMMs, but this is volatile memory and it loses its memory as soon as the PNA is shut down or hibernated. This is not a security concern.
  • The main non-volatile device is, of course, the hard drive. Before April of 2004, this was a 10GB 2.5inch hard drive. From 2004 until 2009, all units had a 40 GB hard drive with XP as the operating system. Starting in mid 2009, the hard drive changed to 80 GB. In 2010, most PNAs switched to using an SSD instead of a conventional rotating drive. As the hard drive market changes, so will the drive used in the PNA, however this does not affect the overall security process. The hard drive is a security concern.
  • The 500MHz CPU boards have a Compact Flash header which could contain non-volatile Compact Flash memory, however, none were installed at the time of shipment. This was for possible future uses, but has never been implemented. The presence of any compact flash card is not dealt with in this document. The new 2.2GHz CPU has an SD slot located under the hard drive. While someone could install an SD card, the PNA does not use this card and is shipped with nothing installed. Still, for security purposes, this slot should be checked for the presence of any card.
  • Some board assemblies, other than the CPU, may have zero to three serial EEPROM devices. These devices hold only 512 bytes each (not kB) and are not user accessible. These contain information related to the installed hardware, such as board serial number, options, correction constants, offsets, DAC values, etc. This data is required to make the PNA functional. This data can be changed only by factory personnel or by calibration labs when performing adjustments. No user data is stored in these locations!
  • Newer PNAs all have a 2MB Flash chip on the TestSet Motherboard that contains more extensive calibration data, DAC settings, correction constants, etc. It can only be accessed via the adjustment routines which limits the type of data that can be stored. The contents of this memory is not user accessible. In addition, the format of this memory is proprietary and contains a checksum to ensure nothing can change without following the proper adjustment procedure. This data is required to make the PNA functional. Because this memory is not user accessible and does not contain any user information, this is generally not considered a security concern.

Maintaining Security

Because it is virtually impossible to completely and selectively erase all user data on a Windows-based hard drive without also destroying the operating system, the best method for maintaining security when the PNA must be removed from a secure area is to replace the hard drive with a "non-secure" hard drive. i.e. a drive that has never had any sensitive data placed on it. This allows the PNA to still function properly in non-secured areas or for use when servicing. All PNAs except for the E8356A/57A/58A and early PNA-X units have an easily accessible hard drive on the rear panel (view picture for non-PNA-X models). The early PNA-X units with a 1.6GHz CPU are a bit more difficult to access; requiring the removal of about 20 screws. Newer PNA-X units (as of ~Sept 2009) and all newer PNA models introduced after 2011 have an easily removable hard drive tray on the rear of the CPU assembly (see picture). This document does not detail the step-by-step instructions of how to remove the hard drive (see service manual for this); instead, it documents the general steps needed to maintain security. This document assumes that this spare hard drive is on hand.

Keysight has available a pre-configured hard drive for the PNA which must be purchased in order for this security method to work. Because there are multiple different CPU boards and different mounting methods, the proper part number must be ordered. Complete information regarding part numbers is available on our HDD part number page.

As shipped from the factory, all PNAs have very little unique information stored on the hard drive. This allows one hard drive to function on most any PNA assuming it has the appropriate type of CPU. However, on older instruments there are a few small instrument-specific files that contain some factory correction data. This is NOT applicable to newer PNAs (all PNAs with the 10.4-inch or larger display.) For specified performance, these must be copied over to whichever hard drive is being used. These files all begin with   mxcalfiles_ and are located in the directory: C:\Program Files\Agilent\Network Analyzer. There may be several of these files, all of them about 10kB in size. Whenever a new PNA is received, these files should be backed up to a floppy disk or pen drive; and don't forget to label the disk with the model/serial number. This will save you the trouble of performing service adjustment routines if the hard drive should ever fail in the future.

Step-by-Step Security

These steps should be followed to maintain security:

  1. Only for older PNAs with the small 8.4" display: Whenever a new PNA is received, or if this step has not yet been done, copy any files that begin with mxcalfiles_ to a floppy disk or pen drive. This disk should be maintained in a non-secure area.
  2. Purchase the appropriate spare hard drive and keep it with the above floppy disk/pen drive (if applicable.) Clearly mark this hard drive as "Unsecured!"
    3. In the event the secure PNA needs to be used elsewhere, or, if it needs servicing:
    • Remove the secure hard drive (label it as secured if desired) and keep it in the secured area.
    • Remove the PNA from the secured area and install the "unsecured" hard drive.
    • If not previously done, and if applicable, copy the mxcalfiles from the floppy disk/pen drive to the directory listed above (Again, not applicable to newer PNAs.)
    The PNA can now be used elsewhere or sent for servicing without fear of leaking any sensitive information.
When the PNA needs to be returned to the secured area, follow the below steps. Any servicing of the PNA may include the regeneration of correction constants. Most of these are contained in the on-board EEPROMs or Flash memory, so no action is necessary. The only exception is with the mxcalfiles on older instruments; see below (again, not applicable to newer PNAs.)
  1. If the PNA was sent out for servicing, you should first check to see if any of the mxcalfiles have been updated (check the last-modified date.) If so, these updated files should be copied to a floppy disk/pen drive so that they can be updated on the secured hard drive.
  2. Remove the unsecured hard drive, transport the PNA to the secured area, and replace the hard drive with the secured version
  3. If the mxcalfiles have changed, copy all new files saved to the floppy disk to the directory listed above.
  4. Also, if the PNA was sent out for servicing, it might have had its firmware updated; see below for more information about this.

A Quick Note Regarding Yearly Calibrations

Newer PNAs with the 10.4 inch or larger display have all calibration data stored in internal non-volatile memory; nothing is stored on the hard drive. This means that when the unsecured PNA is then transferred to the secure area, nothing else needs to be done. Simply remove the unsecure hard drive and replace it with the secured drive. You are then good to go; the latest calibration will still be in effect. Again, this only applies to PNAs with the larger screen (>=10.4 inch); older PNA will need the mxcalfiles transferred.

DSS Security Issues

Many military users and contracters in the US need to follow DSS guidelines for PC based systems. Since the PNA falls into that category, it will be subject to these regulations. If all DSS changes are made to the PNA, the PNA application will not run. We have found that only one change needs to be undone. Follow the below steps. The DSS regulations do allow for some exceptions, so this will have to be one of them.

  1. Click on Start-> Run
  2. Type in gpedit.msc
  3. Double-click on each: Local Computer Policy -> Computer Configuration -> Window Settings -> Security Settings -> Local Policies -> User Rights Assignment
  4. Double-click on "Impersonate a client after authentication"
  5. Click "Add user or group"
  6. Type "Service"
  7. Click OK
  8. Close the group policy editor
  9. Reboot the PNA

Another possible DSS security concern may be the generation of several security priviledge failures (all are error #577) in the Windows Security Audit listing. As of mid 2010, all PNAs will have these errors that occur whenever the PNA reboots. The error is benign and can be ignored, subject to DSS approval. It is due to the PNA application enumerating the user interface devices (specifically, the front panel controller.) If the user doesn't make both changes below, then the API that the PNA uses may cause a 577 warning to be recorded in the security event log.
The complete solution involves two steps: Newer firmware is required and another Group Policy setting needs to be changed. As of 2011, all PNAs have incorporated this group policy setting as shipped. For older units, make the changes below. The firmware needed is A.07.50.63 or above for older PNAs, and A.09.22.12 or above for XP based newer PNAs. Here are the steps to change the Group Policy Settings for the 577 errors:
  1. Follow steps 1 through 3 above.
  2. Double-click on "Act as part of the operating system"
  3. Click "Add User or Group"
  4. Type "everyone" (Note: if desired, you could add just specific users or just administrators , etc.)
  5. Click OK
  6. Close the group policy editor
  7. Reboot the PNA

Some third-party security routines that attempt to modify Windows settings may be hard-coded to assume the use of C:\Windows as the Windows directory. All PNAs with Windows 2000 or XP have always used the Windows 2000 convention of installing Windows in the WINNT directory. This can cause problems with security software if the author assumed that all systems use C:\Windows. Any software like this SHOULD have used the Windows environment variable name of %WINDIR% which will, for any XP PNA, always return "C:\WINNT".
There is no work-around for this; the PNA will not function if you attempt to change the Windows directory from WINNT. With Windows 7 or above, the normal default of C:\Windows is used.

Additional Notes

Firmware that has been updated on the unsecured hard drive during servicing can usually be copied to a memory media and used to update the secured hard drive. The recommended method is to use a USB pen drive (a.k.a. Flash drives) to copy the firmware upgrade file. This firmware installation file usually resides on the D:\Upgrades\Firmware directory. If not, the latest version can always be obtained via our Firmware Update page.

Any account names and passwords that have been created on either hard drive will not be available on the other drive unless they are manually installed; generally, this is a security advantage.

The use of another hard drive may generate a new Network ID (Computer Name) for the PNA upon initial boot up. If this is not desired, the Network ID should be changed immediately after boot-up. See your system's administrator for complete information.

Other Issues

It has been suggested that USB may pose a security risk, mainly due to the proliferation of USB pen drives that are very small and can store a TB of data or more. There are ways to prevent the operation of these devices without affecting the USB mouse or keyboard. Contact Keysight for more information, or download this USB Security Word document for details.

As shipped, the PNA may have a back-up administrator account that is designed to be used by Keysight service personnel. This also comes in handy when a user forgets their password. Any high security location will probably want to delete this account. However, if the administrator password is then forgotten, the entire C:\ partition may have to be re-imaged in order to make the system accesible again.

ECal Modules:

ECal modules (N469xx, 8509xx, etc) have either 1 or 8MB of Flash memory depending upon when shipped or when last serviced. Some portion of this memory is reserved for factory calibration data and this cannot be erased without destroying the functionality of the module. ECal modules may contain sensitive user data if an ECal characterization has ever been performed. To erase this data, two ECal Data Wipe Utilities have been developed which will destroy all user data per US DoD 5220.22-M. Note: The latest versions of ECal Wipe will also display the total memory installed.
The first utility can only be run on the PNA and requires firmware revision A.03.50 or above. Usually, this program is already installed on the PNA under the Service directory, however the linked version here may be newer.   Download this self extracting utility which contains both the program and instructions. All ECal models are listed in the instructions. Place it in any convenient directory on the PNA and execute it.
The second utility can be run on either a PC or the ENA (w/Firmware 9.2 or greater.) After the clear/sanitize/recall, the ECal needs to be unplugged/plugged again to reflect the ECal characterization status on the ENA firmware. Download this installation utility.

ECAL Letter of Volatility

This ECAL Letter of Volatility is a PDF document that covers most ECAL modules. Download this PDF document.

PNA Letter of Volatility

This Letter of Volatility PDF document covers all newer PNAs; those with the 10.4 inch or larger display. Download this pdf document.
A somewhat similar Letter of Volatility is also available for the E83xxC models and some earlier models. Download this pdf document.

More Information

Additional information for many Keysight products can be found on our Instrument Security page.

Last Updated: 14 Apr 2021