- 1 Tracking Active Directory Operations with PowerShell Commands
- 2 Azure Automation DSC Configures from the Cloud
- 3 AD Key Health Checks, Part 4: Backing Up AD Partitions
- 4 AD Key Health Checks, Part 3: Designating Bridgehead Servers
- 5 Keeping Active Directory Running Smoothly - Key Health Checks, Part 2
How can businesses secure Windows Server 2003 post End of Support? Page 2
So how can businesses secure Windows Server 2003 post End of Support?
Despite the multiple issues mentioned above, and the best advice of the industry to migrate as soon as possible to ensure security and support, some businesses will still opt to soldier on with Windows Server 2003. In the following section, we will describe how this could be feasible in some cases, with the inevitable compromises that such a system would have to incorporate.
Layered security: The installation of both network and network application firewalls to a system could add several layers of security that would have to be breached in turn by any would-be cyber-criminal. A server running multi-tiered security like this would still have to perform regular security checks and functions, however, and by no means would these extra lines of defense be impenetrable.
Pulling the plug: While unfeasible for many companies and organizations operating in today's global economy, going offline could very well be the single best way to protect an outdated system from attack. If you can stomach it, complete network isolation of any server still running WS 2003 would deny remote hackers any access to your businesses data. This has been a popular method of securing terminals still operating under Windows XP.
Regular backup: As we have already mentioned, running an aging system means users can expect much higher hardware failure rates, which can in turn lead to data loss. IT technicians working with older systems therefore should ensure that they are backing up data to external, isolated storage systems as much as possible. As an extra protection against loss, businesses should consider secondary cloud-based backups such as Microsoft Azure Backup Services or Amazon S3 Backup.
Application whitelisting: Application whitelisting is the process of dictating to a system the applications that may be allowed to run, effectively blacklisting all other programs. Making sure that only System Administrator-approved applications are able to be run can guard against zero-day vulnerabilities, as well as malware installation.
If business owners can guarantee they are able to put all of the above into practice, than they will certainly be going a long way towards securing their Windows Server 2003 systems. However, the cumulative costs associated with employing additional security, technological and staff, as well as potential revenue losses through decreased global reach, if going offline, may make WS 2003 retention rather unpalatable.
Increased security, guaranteed compliance, and lower failure rates and maintenance costs will certainly be reasons enough to push more and more businesses towards migration in the coming months. Will your company be one of them?
Ed Jones works for Firebrand Training, a Microsoft Gold Learning Partner. He has worked in the IT training and certification industry for the past 4 years. He is a tech enthusiast with experience working with SharePoint, Windows Server and Windows desktop.
Read more on "Server OS Spotlight" »