Tuesday, July 14, 2015
"Vendor-supported operating systems and devices are a crucial part of any environment that aims to maintain a high level of security and compliance," said Steve Robb, Senior Vice President at ControlScan Inc., an Atlanta-based provider of data security and compliance solutions for small and midsized businesses. "The bad guys won't stop writing malicious code or looking for flaws, so when a vendor stops fixing those flaws within a given operating system, any instance of that system within an environment immediately introduces risk."
Unlike client operating systems such as Windows XP, Vista, 7, 8 and 10, most servers are uniquely configured according to organizational requirements, making maintenance more time consuming and complex. Servers generally store personal data and operation-critical information that make them attractive targets for cyber criminals. Additionally, many of these server platforms have public-facing views that could potentially expose them to backdoor attacks.
The Windows Server 2003 Migration Planning Assistant on the Microsoft website is designed to simplify and expedite the server upgrade process, summarized on the Microsoft website in the following four steps:
A majority of large organizations have already planned and executed enterprise-wide migration of their server platforms far in advance of the July deadline. Microsoft is encouraging small to midsized businesses to follow suit by migrating to Windows Server 2012 R2, Microsoft Azure or Office 365.
Microsoft warned that failure to upgrade existing Windows Server 2003 may result in the following four outcomes:
"When client servers and operating systems have been around for 12 years, it eventually becomes too burdensome to keep them up to date," said Karl Sigler, Threat Intelligence Manager at Trustwave Holdings Inc. "Organizations that are still running Windows Server 2003 need to look at a migration plan."
Sigler has observed a variety of migration strategies among Trustwave's diversified global clientele, ranging from straight adoption of Windows Server 2012 to a "half-step to Windows 2008," to a wholesale swap-out from Windows to Linux operating systems.
Microsoft's decision to end the product life of Windows 2003 has been widely publicized for several years. However, Sigler said, "If you're just thinking about it this week, the good news is that there's still time to migrate and put up additional protections to mitigate risk."
If organizations are not able to upgrade their systems in the near term, Sigler recommended segmentation to keep Windows 2003 on its own network. Segmenting combined with continuous network monitoring and filtering will help to identify and contain any potential data security breaches.
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.