Windows 2003 EOL
On July 14th, 2015 Microsoft is closing the book on Server 2003. That means that in just over a year there will no longer be any security patches available for the venerable operating system. Any new exploits will go unchecked and, just like XP (which went EOL back in April 2014), anyone running Server 2003 is putting their company at risk. With over 10 million machines running 2003 worldwide, this is a very target rich environment for cyber-criminals and the payoff could be huge.
So what can you do to protect yourself?
It’s time. And it’s the absolute best way to deal with this.
There are several things you can do that might mitigate some of the holes that will never get filled after Server 2003 EOL, but patches are a key component to security and without them you are weakening the foundation of your defenses. No matter what other measures you take (which I will talk about shortly) you are still leaving a huge gap in security by sticking with 2003.
No, the only sure way to deal with this is to upgrade. Plus you get the added benefits of a modern OS like drivers that work and compatible software. Newer applications and devices just won’t run on or work with 2003, just like they won’t run on Windows 3.1 or NT.
But, what if you can’t upgrade?
A legitimate possibility. I know there are companies out there who run LOB applications on 2003 (even 2000). These are legacy applications, frequently in the manufacturing, retail and government markets that, for one reason or another, cannot be upgraded or run on newer server operating systems.
In such cases, the best you can do is:
- Segregate these systems from the rest of your network as best you can. Use VLANs or phyically disparate networks if possible.
- Do not allow internet access. If you can’t completely block it then restrict it as much as you can.
- Disable USB storage, CD-ROMs, DVD-ROMs and floppy drives.
- Use Defense in Depth. AV, UTM, mail filtering should all be employed.
- Backup! Backup daily. Backup hourly or every 5 minutes if you need to. Keep those backups for a long time.
This may help keep the system safe, but you are still vulnerable. Security through obscurity is not very effective. That’s why Defense in Depth and good backups are essential if you plan to run Server 2003 after EOL.
Defense in Depth will provide hurdles for attackers and warnings for you so that you have time to react and counter an attack.
Good and frequent backups can help you recover from an attack that destroys or otherwise prevents you from getting to your data (think CryptoLocker), however it does nothing to help with data leakage.
The time is nigh
I know it seems like Server 2003 EOL is a long way off, but it will be Christmas before you know it.
The time to consider your options is now. Get it into the budget for next year.
Not only will you gain peace of mind, but you’ll join the rest of us in the 2nd decade of the new millennium.
Do you have a 2003 server you just can’t replace? Let me know how you’re going to handle this in the comments section.
Not sure what to do or where to begin in planning for 2003’s demise? Give us a call at 866-753-6269 or email us here. We’d love to help.