Windows Server 2003 End of Support Survival Guide


Increased security, guaranteed compliance and reduced maintenance costs are certainly reasons enough to push more and more businesses towards migrating away from Windows Server 2003 in the coming months. Will your company be one of them?

Ed Jones works for Firebrand Training, a Microsoft Gold Learning Partner. He has worked in the IT training and certification industry for the past 4 years. He is a tech enthusiast with experience working with SharePoint, Windows Server and Windows desktop.

Microsoft officially ended support for Windows Server 2003 on July 14th of this year, but what does this actually mean? Well, for businesses still operating within the Windows Server 2003 framework, it means the responsibility for securing, patching and identifying vulnerabilities now falls solely on you, the end user.

Microsoft will no longer devise and disseminate security updates, or fix issues that appear in the legacy server operating system. This lack of continuing support will extend to System Center Endpoint Protection and Forefront Endpoint Protection running on the WS2003 platform.

Worldwide, there are around 3 million servers still housing their data — credit card details, customer information, etc. — on Windows Server 2003 machines. All of them are now officially unprotected.

What are the real risks of staying on the Windows Server 2003 platform?

Security breaches: Migrating to a new IT platform is always going to cost businesses money, both in acquiring the necessary technology and software resources and also in training staff in how to use the new platform. However, consider the fact that the average data breach now costs a company £1.46m (as reported by the Telegraph), or about $2.22 million, and the overhead expenses needed to keep servers secure and up to date start to look like a very good value for the money indeed.

With Windows Server 2003 not having any internal firewalls, gaining access to an unprotected system gives a hacker complete freedom to move around all of its files, folders, databases and applications. And all it takes for this to become a plausible scenario is a single unpatched vulnerability.

Hardware failure: Windows Server 2003 is now over a decade old. Many of the businesses still employing the outdated OS will have purchased new hardware at the same time as they got on board with the platform. This means that the machines themselves are likely to be well past their own operational lifespans, leading to increasingly high failure rates that can also potentially lead to data loss.

Operational cost increases: The costs of running a twelve-year-old hardware system are high, and those associated with continually patching a server platform well past its use-by-date can be considerably more so. Conservative estimates state that the cost of protecting a single instance of Windows Server 2003 on an increasingly inefficient system could begin at £385, or roughly $585, per year.

Issues with new software: Nowadays most new device drivers and applications favor 64-bit systems and environments. As Windows Server 2003 only runs 32-bit, businesses still wedded to the retired framework may find they are increasingly unable to keep up-to-date with their competitors in terms of running the latest software.

Compliance issues: Windows Server 2003 is no longer PCI compliant. This will cause several issues for businesses that choose not to migrate to newer platforms. One of the most serious of these issues is that websites still running on the system will no longer be able to have payments processed by either Visa or MasterCard. Unsupported systems may also fail to meet HIPAA and SOX compliance levels.

A Word on Migration

To make sure your company's systems are secure, compliant with current industry standards, and as future-proofed as possible, those still running Windows Server 2003 should be thinking very strongly about migrating to either Windows Server 2012 R2 or Microsoft Azure. Microsoft's Migration Planning Assistant offers a comprehensive guide for making the transition that is both user-friendly and thoroughly informative.

So how can businesses secure Windows Server 2003 post End of Support?

Despite the multiple issues mentioned above, and the best advice of the industry to migrate as soon as possible to ensure security and support, some businesses will still opt to soldier on with Windows Server 2003. In the following section, we will describe how this could be feasible in some cases, with the inevitable compromises that such a system would have to incorporate.

Layered security: The installation of both network and network application firewalls to a system could add several layers of security that would have to be breached in turn by any would-be cyber-criminal. A server running multi-tiered security like this would still have to perform regular security checks and functions, however, and by no means would these extra lines of defense be impenetrable.

Pulling the plug: While unfeasible for many companies and organizations operating in today's global economy, going offline could very well be the single best way to protect an outdated system from attack. If you can stomach it, complete network isolation of any server still running WS 2003 would deny remote hackers any access to your business's data. This has been a popular method of securing terminals still operating under Windows XP.

Access restrictions: It may go without saying, but companies still reliant on superseded technologies like Windows Server 2003 should be restricting and monitoring physical access to servers as a matter of course. All activity should be recorded and reported, and large businesses may even need to think about bringing in specialized security personnel or CCTV.

Regular backup: As we have already mentioned, running an aging system means users can expect much higher hardware failure rates, which can in turn lead to data loss. IT technicians working with older systems therefore should ensure that they are backing up data to external, isolated storage systems as much as possible. As an extra protection against loss, businesses should consider secondary cloud-based backups such as Microsoft Azure Backup Services or Amazon S3 Backup.

Application whitelisting: Application whitelisting is the process of dictating to a system the applications that may be allowed to run, effectively blacklisting all other programs. Making sure that only System Administrator-approved applications are able to be run can guard against zero-day vulnerabilities, as well as malware installation.
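As an added illustration (not part of the original article), the Python sketch below shows the default-deny decision that application whitelisting relies on, using file hashes as the rule type. The paths, file contents and function names are constructed for the example, and hash rules are only one way a whitelisting product may identify approved programs.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample: bytes stand in for executable images the administrator approved.
APPROVED = {
    r"C:\WINDOWS\system32\svchost.exe": b"constructed svchost image v1",
    r"C:\Program Files\Backup\agent.exe": b"constructed backup agent v1",
}

def build_allowlist(approved):
    """Return {lowercased path: SHA-256} as recorded at approval time."""
    return {path.lower(): sha256_hex(image) for path, image in approved.items()}

def evaluate(allowlist, path, image):
    """Default deny: a launch is allowed only if its hash is on the list."""
    digest = sha256_hex(image)
    if digest in allowlist.values():
        return ("allow", "hash approved")
    if path.lower() in allowlist:
        # Same location as an approved program, but the bytes differ:
        # the file was replaced or modified after approval.
        return ("deny", "approved path, content changed")
    return ("deny", "not on allowlist")

# Constructed launch events: (path, image bytes seen at launch time).
EVENTS = [
    (r"C:\WINDOWS\system32\svchost.exe", b"constructed svchost image v1"),
    (r"C:\Temp\tool.exe", b"constructed unknown tool"),
    (r"C:\Program Files\Backup\agent.exe", b"constructed backup agent v1 + patch"),
]

def audit(allowlist, events):
    """Return (path, verdict, reason) for every launch event."""
    return [(path, *evaluate(allowlist, path, image)) for path, image in events]

if __name__ == "__main__":
    for path, verdict, reason in audit(build_allowlist(APPROVED), EVENTS):
        print(f"{verdict.upper():5}  {path}  ({reason})")
```

Because the decision is keyed on content rather than name, a modified file sitting at an approved path is denied just like an unknown program.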

If business owners can guarantee they are able to put all of the above into practice, then they will certainly be going a long way towards securing their Windows Server 2003 systems. However, the cumulative costs of the additional security measures, technology and staff, as well as potential revenue losses through decreased global reach if going offline, may make WS 2003 retention rather unpalatable.

Increased security, guaranteed compliance, and lower failure rates and maintenance costs will certainly be reasons enough to push more and more businesses towards migration in the coming months. Will your company be one of them?

This article was originally published on Thursday Oct 15th 2015