I still have Windows 2003 on my network, how can I maintain security?

Today, July 14th, 2015, is the date when support ends for Microsoft Windows 2003. One of the most successful server platforms in history goes the way of the dinosaur. What does that mean for your business? Are you ready for the end?

While Windows 2003 servers will not suddenly stop working, they will now be at a higher risk of cyber security dangers such as malicious attacks or data loss. Also, as US-CERT notes, “Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003.” While some may not have taken this seriously, it is much more notable since the government’s breach at the Office of Personnel Management (OPM): during the hearings it was noted that one of the major issues was that they had legacy systems that could not be protected with modern forms of cyber defense.

What can you do? The obvious answer is to upgrade these servers as soon as possible. Another step you can take is to see if it is feasible to move all sensitive data off the Windows 2003 servers and use a combination of segregation and monitoring between the sensitive data and the now legacy servers. A final option is to use a commercial ‘virtual patching’ product, of which there are many on the market. Simply put, such a product looks at known vulnerabilities and compares them against vulnerabilities on your Windows 2003 server, then creates rules to defend against those vulnerabilities until a patch is applied to fix the issue (although on Windows 2003 the issue will never be patched, because the platform is past end of support).

Don’t get caught without adequate time to plan and budget for upgrades. Be sure to maintain an inventory of all products used by your organization, review it at least annually, and then budget and plan for migrations well in advance.
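One way to run the annual inventory review described above, as an added example that is not part of the original article. The inventory rows, the hypothetical product names, and the one-year planning window are constructed assumptions; only the Windows Server 2003 date comes from the text.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample inventory; only the Windows Server 2003 date is from the article.
SAMPLE_INVENTORY = """\
host,product,end_of_support
fs01,Windows Server 2003,2015-07-14
db02,ExampleDB 9 (hypothetical),2016-03-31
web03,ExampleOS 12 (hypothetical),2019-01-31
app04,In-house billing app,
"""

PLANNING_LEAD = timedelta(days=365)  # assumption: start budgeting one year ahead


def classify(end_of_support, review_date, lead=PLANNING_LEAD):
    """Return the lifecycle status of one product on the review date."""
    if end_of_support is None:
        return "UNKNOWN"          # no vendor date recorded: research before next review
    if review_date > end_of_support:
        return "UNSUPPORTED"      # no more patches: upgrade, isolate, or virtually patch
    if end_of_support - review_date <= lead:
        return "PLAN_MIGRATION"   # inside the planning window
    return "SUPPORTED"


def review(inventory_csv, review_date):
    """Parse the inventory; return (host, product, status, days_left) rows, worst first."""
    order = {"UNSUPPORTED": 0, "UNKNOWN": 1, "PLAN_MIGRATION": 2, "SUPPORTED": 3}
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        raw = (rec["end_of_support"] or "").strip()
        eos = date.fromisoformat(raw) if raw else None
        days_left = (eos - review_date).days if eos else None
        rows.append((rec["host"], rec["product"], classify(eos, review_date), days_left))
    return sorted(rows, key=lambda r: order[r[2]])


if __name__ == "__main__":
    for host, product, status, days_left in review(SAMPLE_INVENTORY, date(2015, 7, 15)):
        print(f"{status:15} {host:6} {product:30} days_left={days_left}")
```

Rows with no recorded end-of-support date are reported as UNKNOWN rather than treated as supported, so gaps in the inventory surface during the review.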

Foresite
