Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Bitesize Article Windows Server 2003 expiration brings defense in depth to life Andrew Avanessian, VP of Pre-Sales Consultancy The termination of support for Windows Server 2003 (WS2003) is imminent, leaving many enterprises in a race against the clock before the system’s security patches cease. 61% of businesses have at least one instance of WS2003 running in their environment, which translates into millions of installations across physical and virtual infrastructures. While many of these businesses are well aware of the rapidly approaching July 14th deadline, and the security implications of missing it, only 15% have fully migrated their environment. So why is it that many enterprises are so slow to make the move? Migration déjà vu The looming support deadline, the burst of security anxiety, the mad rush to move off a retiring operating system… sound familiar? This scenario is something we’ve seen before, coming just 12 months on from expiration of Windows XP support. While there may be fewer physical 2003 servers in an organization than there were XP desktops, a server migration is more challenging and presents a higher degree of risk. From an endpoint perspective, replacing one desktop with the latest version of Windows affects only one user – meanwhile, a server might connect to thousands of users and services. Having a critical server unavailable for any length of time could cause major disruption and pose a threat to business continuity. Compared to the desktop, server upgrades are significantly more complex, especially when you then add hardware compatibility issues and the need to re-develop applications that were created for the now outdated WS2003. Clearly, embarking on a server migration can be a very daunting process – much more so than the XP migration – which seems to be holding many organizations back. avecto.com The cost of upgrading vs. staying Moving off WS2003 can be a drain on time resources. While most IT administrators understand how to upgrade an XP operating system, the intricacy of server networks means many migrations will require external consultancy, especially if they are left to the last minute. It’s no wonder that companies this year are allocating an average of $60,000 for their server migration projects. Still, it’s a fair price to pay when you consider the cost of skipping an upgrade entirely. Legacy systems are expensive to maintain without regular fixes to bugs and performance issues. And without security support, organizations will be left exposed to new and sophisticated threats. Meanwhile, hackers will be looking to these migration stragglers as their prime targets. For those who fall victim to exploits as a result, it’s not just financial losses they’ll have to deal with, but a blow to their reputation as well. It also means that companies continuing to run on WS2003 after support ends will be removed from the scope of compliance, adding other penalties that could damage the business even further. If they haven’t already, businesses still running on the retiring system should be thinking now about making an upgrade to Windows Server 2012. It’s easier said than done, of course. A server migration can take as long as six months, so even if businesses start their migration now, there could still be a two month period during which servers run unsupported. This means that organizations should be putting defenses in place to secure their data centers for the duration of the migration and beyond. Bitesize Article Control admin rights While sysadmins are notorious for demanding privileged access to applications, the reality is, allocating admin rights to sys-admins is extremely risky, since malware often seeks out privileged accounts to gain entry to a system and spread across the network. Plus, humans aren’t perfect, and the possibilities for accidental misconfigurations when logging onto a server are endless. In fact, research has shown that 80% of unplanned server outages are due to ill-planned configurations by administrators. Admin rights in a server environment should be limited to the point where sysadmins are given only the privileges they need, for example to respond to urgent break-fix scenarios. Doing so can reduce exploit potential significantly. In an analysis of Patch Tuesday security bulletins issued by Microsoft throughout 2014, the risk of 97% of Critical vulnerabilities affecting Windows operating systems could be mitigated by removing admin rights. Application control Application Control (whitelisting) adds more control to a server environment, including those that are remotely administered, by applying simple rules to manage trusted applications. While trusted applications run through configured policies, unauthorized applications and interactions may be blocked. This defense is particularly important for maintaining business continuity as dev teams are rewriting and refactoring applications. Sandboxing Limiting privileges and controlling applications sets a solid foundation for securing a server migration, but even with these controls, the biggest window of opportunity for malware to enter the network – the internet – remains exposed. Increasingly, damage is caused by web-borne malware, such as employees unwittingly opening untrusted pdf documents or clicking through to websites with unseen threats. Vulnerabilities in commonly used applications like Java and Adobe Reader might be exploited by an employee simply viewing a malicious website. Sandboxing is the final line of defense that all organizations should have in place, at all times. By isolating untrusted content, and by association any web-borne threats or malicious activity in a separate secure container, sandboxing empowers individuals to browse the internet freely, without compromising the network. Having instant web access is expected in modern workplaces, so sandboxing is ideal for securing internet activity without disrupting productivity and the user experience. Windows Server 2003 migration, a window of opportunity It shouldn’t take an OS end of life to spur change – especially security change. Organizations and their IT teams should always be thinking about how they can adapt their defenses, ensuring that they’re primed to handle the new and sophisticated threats we see emerging every day. A migration is often the perfect time to revitalize an organization’s security strategy. With a migration process a catalyst for reinvention, IT can lean on solutions like Privilege Management, Application Control and Sandboxing to not only lock down the migration, but carry beyond it too, providing defense in depth across the next version of Windows. About Avecto Avecto is an innovative technology business specializing in endpoint security. The company’s revolutionary Defendpoint software ensures security defense in depth while empowering users to work freely. This mantra of security + freedom underpins Avecto’s philosophy to unite IT departments and their end users. Avecto has placed in the top 4 of the Deloitte Fast 50 for the last two consecutive years, making it one of the UK’s fastest growing software companies, winning global accolades for quality and innovation. UK Americas Australia Hobart House Cheadle Royal Business Park Cheadle, Cheshire, SK8 3SR 125 Cambridge Park Drive Suite 301, Cambridge, MA 02140 USA Level 8 350 Collins Street, Melbourne, Victoria 3000, Australia Phone +44 (0) 845 519 0114 Fax +44 (0) 845 519 0115 Phone 978 703 4169 Fax 978 910 0448 Phone +613 8605 4822 Fax +613 8601 1180 Avecto @avecto +Avecto avecto.com [email protected]