Windows Server 2003 is nearly out of support
Windows Server 2003 is nearly out of support, and a lot of us simply do not have the option of updating to a newer operating system. In some instances this problem is self-imposed. In others it’s the consequence of events beyond our control. Either way, there are millions of companies – mainly small companies – that simply do not have the option of updating even if they needed to.
In an ideal world, we’d all just migrate to supported software. This is not always possible.
I have seen lots of scenarios where replacements for sector-specific applications simply do not exist. This typically occurs in mature markets which have reached economic entropy.
Markets often go one of two ways. In the first, small firms are acquired and merge until just a couple of firms dominate. These firms have no difficulty writing new applications to replace the old.
The other alternative is economic entropy. No single firm ever climbs to the top. An endless number of small, local businesses compete with one another, driving margins down to the point of ridiculousness.
This latter economic outcome is fairly common in Canada. There are several markets where no one firm has enough cash to have its 30-year-old business-specific applications rewritten.
There’s no money in a software house rewriting the applications on spec and then attempting to sell them into that market, because none of the firms in that market have any cash. There is no hope of getting the businesses in the market to work towards getting new applications written, because they hate each other too much to work collectively.
The most urgent problems preventing an upgrade are typically not technical; they are political and regulatory.
If your business needs fully vendor-supported software in order to satisfy regulatory requirements, then a vendor who is not prepared to move off Server 2003 is a tremendous issue. That developer could be putting your organisation in a compromising – and possibly expensive – position.
There might also be political or resource problems within the IT department. Few administrators are interested in being responsible for software the vendor no longer supports. It’s very time-consuming, and much riskier personally for the people who are responsible should something fail. If an organization needs to drag along applications that are out of support, pledges might need to be made and indemnifications given.
Outside the regulated sectors, “conform or perish” is the mantra.
I recently inherited a website with a Novell NetWare setup and 6 Windows NT servers that functionally cannot be updated. I’ve several other websites and it functions just fine, thank you very much. There is nothing wrong with these systems and I’m quite convinced they’re just as safe as their newer brethren, but only because precautions are taken to make them so.
In almost all instances where something like Server 2003, Server 2000, Windows NT or NetWare must be dragged along, it’s because there’s some quite specific application or piece of hardware they need to run. That is fine, but to be absolutely frank about this: there’s no way we can trust those systems not to be compromised at any given point. To continue to work with them, we should isolate them and treat them as possibly hostile.
I depend a lot on phantom and virtualisation. Keep program installs and the operating system separate from settings and data as much as possible. Consistently back up settings files and data. I do this where possible.
If the systems need network access, make it extremely limited and put them on a heavily protected and completely separate network. Intrusion detection systems and firewalls ought to sit between those systems and the rest of the network.
The guideline is to minimise the number of ways those systems can interact with the outside world. I use MAC address filtering to restrict the systems my insecure OSes can speak to. For the handful that need internet access (typically some system running a production machine that has to phone home to report how many widgets were created) I push them through an extremely protected proxy system, and they can reach only whitelisted IP addresses and domain names.
If it’s possible to do so, build a highly protected gateway system.
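As an added illustration (not part of the original article), the following sketch audits flow records from an isolated legacy segment against the kind of policy described above: a per-host list of permitted MAC peers and a proxy allowlist of IP ranges and domains, with everything else denied. The record format, MAC addresses, IP ranges and domain names are all constructed assumptions, and the destination parser handles IPv4 and hostnames only.

```python
import ipaddress

# Constructed policy for illustration; every MAC, IP and domain here is an assumption.
GATEWAY_MAC = "02:00:00:00:00:fe"
PEERS = {  # legacy host MAC -> MACs it may exchange frames with
    "02:00:00:00:00:01": {GATEWAY_MAC},
    "02:00:00:00:00:02": {GATEWAY_MAC, "02:00:00:00:00:01"},
}
EGRESS_DOMAINS = {"telemetry.vendor.example"}
EGRESS_NETS = [ipaddress.ip_network("203.0.113.0/28")]

def dest_allowed(dest):
    """True if a proxy destination (host[:port] or IPv4[:port]) is allowlisted."""
    host = dest.rsplit(":", 1)[0].lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostname: exact match, or a true subdomain of an allowlisted domain.
        # The leading dot stops look-alikes such as "xtelemetry.vendor.example".
        return any(host == d or host.endswith("." + d) for d in EGRESS_DOMAINS)
    return any(addr in net for net in EGRESS_NETS)

def audit(lines):
    """Return (line_no, reason) for every record that violates the policy."""
    findings = []
    for n, line in enumerate(lines, 1):
        kind, src, dst = line.split()
        if kind == "l2":
            # Default deny: a source MAC with no entry has no permitted peers.
            if dst.lower() not in PEERS.get(src.lower(), set()):
                findings.append((n, f"{src} -> {dst}: peer not permitted"))
        elif kind == "proxy":
            if not dest_allowed(dst):
                findings.append((n, f"{src} -> {dst}: destination not allowlisted"))
        else:
            findings.append((n, f"unknown record type {kind!r}"))
    return findings

# Constructed sample records (not real logs): "<kind> <source> <destination>".
SAMPLE = [
    "l2 02:00:00:00:00:01 02:00:00:00:00:fe",
    "l2 02:00:00:00:00:01 02:00:00:00:00:77",
    "proxy 10.99.0.21 telemetry.vendor.example:443",
    "proxy 10.99.0.21 telemetry.vendor.example.other.test:443",
    "proxy 10.99.0.21 203.0.113.5:443",
    "proxy 10.99.0.21 198.51.100.9:80",
]

if __name__ == "__main__":
    for n, reason in audit(SAMPLE):
        print(f"line {n}: {reason}")
```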