Server operating systems with an OS, for which vendor support has ended, come with many risks that have to be considered and addressed. The primary goal should be always to decommission or migrate the majority of end-of-life (EoL) servers to OS versions, supported by the vendor. Here it should be noted that a migration to an up-to-date OS should be preferably done before your organization enters the end of life of that software 😉
However, it must be considered that a number of servers cannot be migrated or shut down (easily) and must remain operational and accessible. Based on a customer project in 2014 we developed a high-level security concept for the secure operation of end-of-life Windows servers. We published this concept in our latest newsletter. You will find it here (https://www.ernw.de/download/newsletter/ERNW_Newsletter_47_Security_Concept_for_End-of-Life_Windows_Servers_signed.pdf)
The concept covers the following areas:
- Identification and evaluation of relevant risks of operating EoL server environments
- Guidelines for the design of a secure EoL environment, including the areas:
- Network design
- Virtualization design
- Active Directory design
- Guidelines for the development of a secure administration model for EoL server environments
- Guidance for the secure operation of Domain Controllers and EoL servers
- Security monitoring and logging recommendations
In the focus of the concept are mainly Windows server systems. Nevertheless, general recommendations can be applied to platforms with other operating systems. In the light of the rapidly approaching EoL of Windows Server 2003 (July 14, 2015), the concept gives a good opportunity to plan ahead and be prepared for it 😉
If you want to learn about how to protect critical systems running Microsoft Windows and the Active Directory itself, and how to make an attacker’s life much harder when it comes to compromising Microsoft based systems in enterprise environments, join us at the Troopers “Hardening Microsoft Environments” training (https://www.troopers.de/events/troopers15/321_hardening_microsoft_environments/) in Heidelberg on March 17th.
Tickets for this training are still available 😉
Enjoy reading our concept & have a great day!