Transforming IT Blog
Join us in the Transforming IT HP Blog where we will discuss reinventing IT to overcome obstacles and take advantage of Instant on Enterprise opportunities.

Windows Server 2003 … “I wish I could quit you!”

Windows Server 2003 was launched on April 24, 2003, exactly 11 years, 2 months and 23 days ago. Do you remember 2003? Let me jog your memory. The Concorde made its last ever flight, the Space Shuttle Columbia disintegrated upon reentry, Tampa Bay won the Super Bowl, the invasion of Iraq occurred, Netscape was disbanded and the Mozilla Foundation was established, the last old-style Beetle rolled off the assembly line, the price of gas was $1.59 a gallon in the US and the movie Chicago won the Oscar for best picture. A lot has happened since then, especially in the sophistication of security threats and vulnerabilities. Consider the fact that Microsoft issued 37 critical updates for Windows Server 2003 in 2013 alone; these types of security updates will all disappear in 2015.

Windows Server 2003 came with a number of advanced security innovations that were arguably considered leading edge. These included Public Key Infrastructure (PKI) technologies, an Encrypting File System (EFS), Stored User Names and Passwords to enable Single Sign-On (SSO), security policies, software restriction capabilities and more. However, this architecture is long past its prime and can no longer provide the security foundation needed for a trusted compute platform that protects against today's cyber threats. In fact, the last Windows Server 2003 Service Pack was issued over seven (7) years ago and standard support was terminated over four (4) years ago, leaving its security posture frozen in time.

Stuck with Windows Server 2003? If you are anything like other organizations that must continue to use one or more of the 15 various versions of Windows Server 2003, there are obviously compelling business or technical reasons why you will continue to use an off-support operating system. No proselytizing here; you will get enough of that from the press and industry analysts. So, let us talk about what you can do to protect your Windows Server 2003 machines going forward.

Below I have put together a list of practical solutions (I think so, anyway) to consider:

  • Harden the last official operating system release and perform rigorous penetration testing to create your trusted production version.

  • Place as many of your expired-OS machines as possible in their own secure network segment and apply multiple layers of defense, with an abundance of caution. Install TippingPoint NGFW to tightly control who and what gets access to your vulnerable Windows Server 2003 machines.

  • Protect the network segment(s) containing the expired OS with TippingPoint NGIPS to create a virtual patching environment. Threats will need to get past your bump-in-the-wire IPS solution, which will have filters to stop all those attacks seeking to exploit Windows Server 2003 vulnerabilities – even Zero Day exploits.

  • For truly mission-critical applications running on Windows Server 2003, try application virtualization. By encapsulating an application to run in an artificial environment, applications written for one OS version can actually execute on a different OS. This allows you to apply more advanced security to protect your legacy applications.

  • Whitelist all applications on the expired OS; only allow authorized and trusted applications and utilities to function.

  • Use an anti-virus product that will continue to support Windows Server 2003.

  • Restrict network connectivity to machine-to-machine traffic, with no Internet access (if possible).
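Segmentation and machine-to-machine-only connectivity are worth verifying against what the firewall actually logs. The following is an added example, not part of the original post and not any vendor's tooling: it checks flow log lines against an allowlist of approved flows for the legacy segment. The segment range, the allowlist entries and the log line format are all assumptions made for illustration.

```python
import ipaddress
import re

# All networks, ports and log lines below are constructed for illustration.
LEGACY_SEGMENT = ipaddress.ip_network("10.20.30.0/24")  # assumed WS2003 segment
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]    # anything else = Internet
# Approved machine-to-machine flows: (source net, destination net, dest port)
ALLOWED_FLOWS = [
    (ipaddress.ip_network("10.20.10.5/32"), LEGACY_SEGMENT, 1433),  # app -> legacy DB
    (LEGACY_SEGMENT, ipaddress.ip_network("10.20.40.8/32"), 514),   # legacy -> syslog
]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def classify(line):
    """Return None for unrelated or unparseable lines, else (verdict, src, dst, dport)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    dport = int(m["dport"])
    if src not in LEGACY_SEGMENT and dst not in LEGACY_SEGMENT:
        return None  # flow does not touch the legacy segment
    if any(src in s and dst in d and dport == p for s, d, p in ALLOWED_FLOWS):
        verdict = "approved"
    else:
        peer = dst if src in LEGACY_SEGMENT else src
        internal = any(peer in net for net in INTERNAL_NETS)
        verdict = "unapproved-internal" if internal else "internet"
        # A DENY means the policy worked; an ALLOW means the flow got through.
        if m["action"] == "ALLOW":
            verdict += "-PASSED"
    return verdict, str(src), str(dst), dport

SAMPLE_LOG = """\
2015-07-15T02:11:09Z ALLOW tcp 10.20.10.5:50112 -> 10.20.30.12:1433
2015-07-15T02:11:14Z ALLOW tcp 10.20.30.12:49211 -> 203.0.113.7:443
2015-07-15T02:12:40Z DENY tcp 10.20.50.77:51002 -> 10.20.30.12:445
2015-07-15T02:13:02Z ALLOW udp 10.20.30.12:1027 -> 10.20.40.8:514
2015-07-15T02:13:30Z ALLOW tcp 10.20.10.9:40000 -> 10.20.10.5:8080
"""

def audit(log_text):
    """Return every legacy-segment flow that is not on the allowlist."""
    results = (classify(line) for line in log_text.splitlines())
    return [r for r in results if r and r[0] != "approved"]
```

Findings ending in `-PASSED` are flows the firewall permitted despite not being approved, so they point to a rule gap rather than to blocked noise.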

     

On July 14, 2015, or 11 months and 29 days from now, Microsoft will no longer offer security updates, support or technical content updates for Windows Server 2003 (WS2003). It has been widely estimated that migrating a Windows Server can average 200 days, so if you are going to migrate, you had better start soon. If not, try out some of the suggestions I mentioned above.

I would love to hear how your company plans to protect its Windows Server 2003 machines; drop me a line. If you do plan to quit Windows Server 2003, check out what HP can do for you at Migration from Windows Server 2003.

About the Author
Tari is a Distinguished Technologist with 30 years of IT and cyber security experience. He is dual board certified in information security/b...

