
Upgrade Windows or N0T ? (Free Guide)

Upgrade Windows
Erdal, 2021-10-01T01:16:20-04:00

As a security professional, I get the “should we upgrade from a non-supported operating system (O/S) or not” question a lot. To be more specific, the questions are:

- Should we upgrade from Windows XP to Windows 7 / 8.1, or not?

- Do we really need to upgrade from Windows Server 2003 to Windows Server 2012 R2?

Yes, I know Windows XP or Windows Server 2012 “was” great and productive, and many of you are very eXPerienced in how to use and manage it. And yes, I also know that “it’s still working as new” and that it mostly does what you need, by the standards of an older era.

And after all, an unsupported O/S does not mean your XPs and 2003s will stop working, but it does mean there will be no patches for your OS vulnerabilities.

If you follow the cybersecurity news, you are already aware that many hackers are already targeting “outdated O/S’s”. They know that Microsoft is not supporting Windows XP, and will not support Windows Server 2003 after July 2015. In other words, cybercriminals know that Microsoft will not release any patches or security updates for your Windows 2003 servers anymore. They will wait and attack you at a time when you have been left alone.

New threats targeting these O/S’s will become a highly critical security risk and a compliance nightmare. Is it just Microsoft that will not support the outdated O/S? What about Microsoft partners, hardware vendors and others? As most Microsoft partners work to a scheduled product lifecycle, they will most probably also leave you alone in the wild. You might not even get a printer driver for your newly purchased printer, as most vendors will stop making drivers for a non-supported OS.

Windows XP and Windows Server 2003 were awesome OS’s: the most supported OS in history and by far the most used O/S. But based on the Microsoft Security Intelligence Report (SIR), security experts clearly show us that Windows 7, Windows 8 and now Windows 10 have much greater built-in protection rates.

So what are the mitigation strategies? According to the Australian Government, your top 4 mitigation strategies should be as follows (http://www.asd.gov.au/publications/csocprotect/top_4_mitigations.htm):

  1. Application Whitelisting
  2. Patching systems
  3. Restricting administrative privileges
  4. Creating Defense in Depth strategy

1- Application Whitelisting

For your application whitelisting, you can use Microsoft AppLocker as a starter (http://technet.microsoft.com/en-us/windows/applocker.aspx). It will help you specify exactly what is allowed to run on your desktops, including applications and installation programs. To be able to use AppLocker you need at minimum a Windows 7 computer…
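As an added example (not part of the original post), this is one way to build a starter AppLocker allow-list with the built-in AppLocker cmdlets and deploy it in audit mode before enforcing anything. The folder paths, the `Baseline` rule prefix and the backup file name are assumptions to adjust for your environment.

```powershell
# Added example: baseline AppLocker allow-list, deployed in audit mode first.
# Run elevated on Windows 7 or later. All paths below are assumptions.
Import-Module AppLocker

$referenceDir = 'C:\Program Files'             # assumed: known-good software lives here
$probeDir     = "$env:USERPROFILE\Downloads"   # assumed: files that should fall outside the list
$backupXml    = 'C:\Temp\applocker-before.xml' # assumed: backup file (folder must exist)

# Keep a copy of the current local policy so the change can be rolled back.
Get-AppLockerPolicy -Local -Xml | Out-File -FilePath $backupXml -Encoding UTF8

# 1. Inventory executables and scripts in the reference folder.
$files = Get-AppLockerFileInformation -Directory $referenceDir -Recurse -FileType Exe, Script

# 2. Generate rules: publisher rules for signed files, hash rules as the fallback.
$policy = $files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
    -RuleNamePrefix 'Baseline' -Optimize -IgnoreMissingFileInformation

# 3. Audit only: log what would be blocked without blocking anything yet.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = 'AuditOnly'
}

# 4. Dry run: list executables in the probe folder that the policy would not allow.
$probePaths = Get-ChildItem -Path $probeDir -Filter *.exe -Recurse -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName
if ($probePaths) {
    Test-AppLockerPolicy -PolicyObject $policy -Path $probePaths -User Everyone `
        -Filter Denied, DeniedByDefault | Select-Object FilePath, PolicyDecision
}

# 5. Apply to the local policy, merging with any rules already present.
Set-AppLockerPolicy -PolicyObject $policy -Merge

# 6. AppLocker only evaluates rules while the Application Identity service runs.
Start-Service -Name AppIDSvc

# 7. Later: review audit hits. Event ID 8003 = allowed to run, but would be blocked if enforced.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 200 `
    -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 8003 } | Select-Object TimeCreated, Message
```

Before switching any rule collection from audit to enforce, make sure the allow-list also covers the Windows directory and every other location legitimate software runs from, otherwise users will be locked out of it.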

2- Patching Systems

To be able to patch your system, it has to be supported by the vendor. In the case of Windows XP, or very soon Windows Server 2003, this is not going to be possible; so again the only mitigation is to upgrade your O/S’s.

If you are really not sure how to manage your patch environment, I would suggest you use Windows Server Update Services (WSUS) for Microsoft updates and / or Secunia Personal Software Inspector for your Microsoft and third-party patches. If you are an enterprise user, Microsoft System Center or Secunia CSI is the way to go; these can check the patch status of all your desktops and applications. To get a healthy status in Microsoft WSUS or in Secunia PSI / CSI you need to have all your O/S’s and applications patched, and the only way to do this is to be up to date with your Windows.

3- Restricting administrative privileges

Good news: with this mitigation strategy you might look safe under Windows XP. But again, don’t get happy too soon. Windows XP does not support the latest Microsoft Internet Explorer (IE), which means attackers can use known flaws in an unsupported IE to gain access to your systems without admin access. If you are using a supported O/S, you will have the peace of mind that Microsoft will take care of the attack as soon as possible. If you are still using Windows XP / Server 2003, again you are left alone…

4- Creating Defense in Depth strategy

Defense in depth is a military strategy that aims to delay the advance of the opponent by maintaining multiple, layered lines of defense rather than just one strong defensive line.

In terms of network security, defense in depth is the security strategy wherein network defenses are layered so that a breach in one layer only leads the attacker to the next layer of defensive countermeasures. Layering network defenses helps to prevent direct attacks against critical systems and data, increases the likelihood of the attacker being detected, and gives the defender more time to realign defenses to where they are really needed in the event of an actual, ongoing attack.

This strategy has layers such as Data, Application, Host, Internal Network, Perimeter, Physical, and Policies, Procedures and Awareness. I am sure you can see what I can see: layers such as “Host” and “Application” require you to be up to date.

Summary.

Neither your antivirus nor your third-party firewall can give you the “security patches” that Microsoft releases regularly. By not upgrading to a modern O/S, you will not just miss out on the latest protection mechanisms like AppLocker and Secure Boot, or free tools such as Microsoft Attack Surface Analyzer; you will also not be following the government standards for stopping the bad guys, such as the top mitigation methods.

Yes, your outdated O/S’s will help you to produce data, but they can’t help you to save, manage and share your data securely.

Erdal Ozkaya

 

My Cybersecurity Book – Attack and Defense Strategies:

https://www.erdalozkaya.com/cybersecurity-attack-and-defense-strategies-second-edition/
