Archive for January, 2015
Migrating Windows Server 2003 Can Save Your IT-Securityby ps
Ten years are enough. On 14th of July 2015 we have to wave Windows Server 2003 good-bye. Reason: End of Extended Support. Being the Windows XP of the server-world makes the farewell for millions of users still hard. But having no migration plan yet is putting your IT-security seriously at risk. No support means no more updates and affected systems will become a welcoming flaw for (cyber)intruders of all kinds. Custom Support may help but seems far too expensive to be a sound and long-term solution to security holes in your IT-landscape. Pro-actively planning your migration now can save you from some insomnia.
So what to do? Changing to another operating system like Unix or Linux? In theory Unix is a handy idea (less expensive and more secure than Windows) – in practice maybe in many cases not feasible because some of the most important applications could only be running on Windows based systems. Leaves the upgrade-option to the bulk of users. Windows Server 2012 R2 is Microsoft’s latest server operating system. Unfortunately, it is not able to execute 16bit applications and 32bit only via an emulator. Sounds as if compatibility issues may ruin your day? Right. Hence, just switch to Windows Server 2012 if you have already used the Windows Server 2003 64bit-edition before. Otherwise just update to Windows Server 2008 but keep in mind that the extended support for this product ends in 2020 and migration to-dos are only postponed not dealt with. Likewise, you can also rethink your attitude towards cloud-services – but as putting (sensitive) enterprise data on a public cloud is not to everybody’s taste, a hybrid solution may be a better alternative if migrating workloads is rather an issue than server (hard- and software-)upgrades.
Given the complex mixture of technical, commercial and legal issues arising out of migration requirements it is a wise thing starting today to execute your migration plans though being done with all the tasks involved in July this year will not be very realistic. Thus bridging security gaps by falling back on EMET (Enhanced Mitigation Experience Toolkit) and Intrusion Prevention Systems should be a matter of course as well as being able to isolate attacked systems.
Even if high-costs in developing new versions of old applications, acquiring 64bit versions or alternatives and/or upgrading hardware are involved and budgets are tight, it is difficult to understand why so many organizations still seem to be reluctant to migration, as legacy software is in the long-term a even costlier venture.