Time moves quickly in IT. During consulting engagements, we plan for a system to be upgraded or replaced every three years. However, due to circumstances beyond our control some systems are required to perform many years past their ‘best before date’. Operating systems are no exception. Two pertinent examples are Windows XP and Windows Server.
Windows XP was released October 25, 2001. It was used widely by home users and businesses alike. Windows XP was supported by Microsoft until April 8th, 2014. As of April 2016 2.75% of all desktop computers in Australia are still running Windows XP. 2.75% may not seem like a lot of computers but that small percentage could still represent tens of thousands of computers which are vulnerable to attack.
Windows Server 2003 was released April 24th, 2003. It was used extensively across enterprises around the world and was supported until July 14th, 2015. A March 2015 survey revealed that 61% of business are still running Server 2003.
Such as the cases of Windows XP and Server 2003, millions of computers are currently running on operating systems which are no longer supported by Microsoft.
What’s the risk of running unsupported Operating Systems?
CRN posted an article outlining five risks of not upgrading from Server 2003. Firstly, there are unpatched vulnerabilities that will present an extreme risk to legacy servers running Server 2003. These vulnerabilities are known as zero-day exploits. Normally, if a zero-day exploit is identified software vendors will create a patch to fix it and security vendors will create virus definitions that will protect from it. In the months leading up to the end of support, Microsoft released 25 bulletins for Server 2003. However, once the vendor no longer offers support for the software, they will no longer write patches and security vendors may or may not create new definitions either – this leaves existing servers vulnerable.
Secondly, hackers may update old vulnerabilities that have existed for many years. Both of the previous cases can lead to the third threat being the compromise of a server which can be used to attack the rest of the business’ infrastructure. Access to vulnerable Server 2003 computers may be easier than you think. Netcraft posted an article August 12th 2015 that claimed there were ~600,000 web sites hosted on servers running Server 2003. Once hackers have a foothold it’s only a matter of time before they breach the network.
There are legitimate reasons that businesses cannot retire their old 2003 servers and Windows XP workstations. If this is the case how can a business protect them? One answer is to use Symantec’s Data Centre Security: Server Advanced software (DCS). DCS has a client that can be installed onto your Windows XP and Server 2003 servers to protect them. DCS can apply both intrusion prevention (IPS) and intrusion detection (IDS) policies to protected endpoints.
The IPS functionality of DCS allows administrators to lock down administrative permissions. This means that only administrators explicitly enabled to configure a server will be able to install software or make changes. Applications are sandboxed which allows you to control exactly how an application hosted on the server runs. Networks can be configured very granularly with functionality very similar to that of a firewall.
The IDS functionality allows administrators to record logon and logoff events which can be useful to see who is accessing the computer. IDS can also monitor important files and registry keys which can be indicators of compromise. If necessary, the administrator can also lock down important files and registry keys to prevent them from being modified at all.
If there are violations to the IPS or IDS policies, events are recorded which allows administrators to audit the server. The administrator can then whitelist any events considered “normal” which will no longer raise events, allowing them to focus on real events. IPS and IDS events can be forwarded to a SEIM to aggregate and process the events which can identify breaches.
Windows XP and Windows Sever 2003 will be around for a number of years as businesses struggle to upgrade servers or their hosted applications. These legacy operating systems increase the attack surface that a business has and exposes them to increased risk of a breach which could result in data loss and a resulting loss of public confidence which could cost a lot of money. Symantec has solution which can significantly reduce the vulnerabilities found in Windows XP and Server 2003 with the use of intrusion prevention and intrusion detection capabilities.
Principal Security Consultant
|+61 407 324 902|
+64 204 112 7835 (NZ)