Turn the Page: Why now is the time to migrate off Windows Server 2003
- Agnes Morris
- 8 years ago
HP Security Research

Contents
Introduction
What does End of Support mean?
What End of Support doesn't mean
Why you need to leave Windows Server 2003 in the past
  Compliance concerns
  Security
  Hidden costs in maintaining older systems
Where to go from here
  Get a Custom Support Agreement
  Migrate to a newer version of Windows Server
  Migrate to Linux
  Hope for the best
Conclusion

Introduction

In January 2015, Microsoft released a patch to fix an issue in the Network Location Awareness (NLA) service. The vulnerability affects all versions of Windows Server, but a fix was not provided for the Windows Server 2003 platform. As stated in the bulletin, "The architecture to properly support the fix provided in the update does not exist on Windows Server 2003 systems, making it infeasible to build the fix for Windows Server 2003." This highlights the differences in operating system (OS) architectures between modern OSes and an OS now over eleven years old. While this alone should not push enterprises to move away from the OS, the impending end of support for this OS should have businesses thinking about what comes next for their remaining Windows Server 2003 deployments.

What does End of Support mean?

Microsoft has two different lifecycles for its products: mainstream and extended [2]. The biggest difference between these levels is the availability of non-security updates. During the mainstream support period, new functionality may be added through service packs or hot fixes. These are in addition to security updates. Once mainstream support ends, usually five years after the product's initial release date, extended support kicks in. This provides free security updates, but little else. Mainstream support for Windows Server 2003 ended in 2010, which means there have been no service packs or new functionality changes in over four years. On July 14, 2015, extended support for Windows Server 2003 ends as well. After this date, there will be no additional security fixes or updates of any kind freely available. Deployments of the OS won't stop working on the 15th of July, but as of that day, these systems represent a different type of risk for the enterprises who use them.

What End of Support doesn't mean

On July 15, 2015, little will change for those using Windows Server 2003. No features will be disabled.
There will be no forced update to a new platform. The vast resources of online guidance for running and troubleshooting the OS will exist as they always have. In short, nothing obvious will change immediately. However, as time goes on, the lack of support and the lack of updates will become apparent.

Attacks represent another reality that will not change once support ends. Just as today, adversaries will continue targeting Windows Server 2003. If you are looking for an example of this, you only need to look back to the end of support for Windows XP. Immediately following the end of free security updates for that platform, active attacks were seen in the wild targeting Internet Explorer versions on XP. While Microsoft made the decision to offer patches for XP at that time, it is unlikely they will make this extraordinary decision again.

In addition to the current attacks, many of the issues affecting the more modern platforms (e.g. Windows Server 2012 R2) also affect Windows Server 2003. While the OSes are very different, there is still shared code between platforms. In January 2015, five of the seven security bulletins released by Microsoft impacted both Windows Server 2012 R2 and Windows Server 2003. After support ends, attackers may use the security bulletins as a guide to determine new vulnerabilities on Windows Server 2003. Due to the lack of security updates, enterprises still running Windows Server 2003 after support ends will become an even more attractive target to adversaries.

Why you need to leave Windows Server 2003 in the past

While definitive numbers remain elusive, estimates put Windows Server 2003 usage at about one-third of all Windows Server deployments. This seems likely, as Windows Server 2003 remains a remarkably stable OS. Despite this reliability, it is time for enterprises to leave this platform and migrate to a modern OS.

Compliance concerns

In almost every industry, there now exists a form of national or international regulation covering the security and maintenance of computer systems. These regulatory requirements will often mandate that systems within a domain be supported. Correspondingly, if unsupported systems exist within a domain, it is unlikely the enterprise will be within regulatory compliance. The U.S. Computer Emergency Readiness Team (US-CERT) notes, "Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003." Put more simply, once Windows Server 2003 is out of support, the chances of maintaining compliance with applicable regulations closely approach zero.

Security

While the lack of security updates is a primary concern for those running out-of-support servers, there are additional security concerns related to running Windows Server 2003. One area that is often overlooked is the set of defense-in-depth (DiD) features available in modern OSes. Starting in the early 2000s, the concept of placing defenses deep within the OS became a reality. The goal was to prevent known attack techniques from working on a target system, even if the attacker attempts to exploit an unpatched bug.

One of the first of these DiD measures implemented was Address Space Layout Randomization (ASLR). In its simplest form, ASLR randomizes memory to make it more difficult for an attacker to get code to the targeted location in memory.
Windows Server 2003 does implement ASLR, but the development of memory randomization has continued over the years to include methods that cannot be implemented on Server 2003.

Another example of DiD is known as SafeSEH, which means an image has safe exception handlers. This feature builds a table of safe exception handlers when a program is being compiled. If a program has this in place, when exceptional conditions occur, the table is consulted to ensure a match exists. If a match doesn't exist in the table, the program is terminated. Of course, the limitation with this feature is that programs must be built with SafeSEH enabled.

Later OSes implemented a second DiD technique called Structured Exception Handler Overwrite Protection (SEHOP). It works differently than SafeSEH, with its main benefit being that it does not require programs to be built with any special flags. SEHOP is able to mitigate Structured Exception Handler overwrites by verifying the integrity of the chain of registered exception handlers at the time that an exceptional condition occurs. Typically, an SEH overwrite will break the integrity of this chain, which is what enables SEHOP to mitigate it. While Windows Server 2003 does have SafeSEH, SEHOP is only available on Windows Server 2008 and later. In the more recent server versions, SEHOP was further extended to permit applications to opt in on a per-application basis. Previously, SEHOP had to be enabled or disabled for the entire system, which led to application compatibility issues for some programs. [4]
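
The chain-integrity check described above can be modelled in a short C program. This is an added example, not code from the HP paper or from Microsoft: it is a simplified model of the walk SEHOP performs, and every address, the sentinel handler value and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the SEHOP chain walk. Every address is constructed. */
#define STACK_LOW     0x0012E000u  /* simulated stack limit */
#define STACK_HIGH    0x00130000u  /* simulated stack base */
#define CHAIN_END     0xFFFFFFFFu  /* Next field of the last record */
#define FINAL_HANDLER 0x7C900000u  /* stands in for the OS-registered sentinel handler */
#define HEAD_RECORD   0x0012FF00u
#define MID_RECORD    0x0012FF80u
#define TAIL_RECORD   0x0012FFE0u
#define MAX_RECORDS   64

typedef enum {
    CHAIN_OK = 0,
    CHAIN_OUT_OF_STACK,      /* a record lies outside the thread's stack */
    CHAIN_MISALIGNED,        /* a record is not 4-byte aligned */
    CHAIN_HANDLER_ON_STACK,  /* a handler pointer points into the stack */
    CHAIN_BAD_SENTINEL,      /* chain ends, but not at the sentinel handler */
    CHAIN_TOO_LONG           /* no end reached (loop or runaway chain) */
} chain_status;

static uint8_t stack_mem[STACK_HIGH - STACK_LOW];

static uint32_t rd32(uint32_t addr) {
    uint32_t v;
    memcpy(&v, &stack_mem[addr - STACK_LOW], sizeof v);
    return v;
}

static void wr32(uint32_t addr, uint32_t v) {
    memcpy(&stack_mem[addr - STACK_LOW], &v, sizeof v);
}

static int on_stack(uint32_t addr, uint32_t size) {
    return addr >= STACK_LOW && addr <= STACK_HIGH - size;
}

/* A registration record is two 32-bit fields: Next, then Handler. */
static void write_record(uint32_t rec, uint32_t next, uint32_t handler) {
    wr32(rec, next);
    wr32(rec + 4, handler);
}

/* Walk the chain from its head the way the dispatcher would before
 * calling any handler; any failed check means no handler is called. */
chain_status validate_chain(uint32_t head) {
    uint32_t rec = head;
    for (int i = 0; i < MAX_RECORDS; i++) {
        if (!on_stack(rec, 8)) return CHAIN_OUT_OF_STACK;
        if (rec & 3u)          return CHAIN_MISALIGNED;
        uint32_t next = rd32(rec);
        uint32_t handler = rd32(rec + 4);
        if (on_stack(handler, 1)) return CHAIN_HANDLER_ON_STACK;
        if (next == CHAIN_END)
            return handler == FINAL_HANDLER ? CHAIN_OK : CHAIN_BAD_SENTINEL;
        rec = next;
    }
    return CHAIN_TOO_LONG;
}

/* Three records: two application handlers, then the sentinel record. */
uint32_t build_intact_chain(void) {
    memset(stack_mem, 0, sizeof stack_mem);
    write_record(TAIL_RECORD, CHAIN_END, FINAL_HANDLER);
    write_record(MID_RECORD, TAIL_RECORD, 0x00401340u);
    write_record(HEAD_RECORD, MID_RECORD, 0x00401200u);
    return HEAD_RECORD;
}

/* Model a linear overwrite that replaces both fields of one record. */
void corrupt_record(uint32_t rec, uint32_t filler) {
    write_record(rec, filler, filler);
}

int main(void) {
    uint32_t head = build_intact_chain();
    printf("intact chain:      status %d\n", validate_chain(head));
    corrupt_record(MID_RECORD, 0x44444444u);
    printf("overwritten chain: status %d\n", validate_chain(head));
    return 0;
}
```

No compile-time flag appears anywhere in the check, which is the property the paper contrasts with SafeSEH: the walk depends only on the state of the chain at the moment the exception is raised.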

These are just two examples of DiD security features available in newer OSes. A comparison of other DiD features [5] [6] [7], including those found in supported Microsoft Internet Explorer (IE) versions [8], is located in Table One.

Table 1: Comparison of DiD features

DiD Features | Windows Server 2003 With Internet Explorer 8 | Windows Server 2012 R2 With Internet Explorer 11
SEHOP | |
IE Protected Mode | |
Enhanced Protected Mode | |
Virtual Table Guard | |
ASLR | Limited | Extensive
Stack Randomization | |
Heap Randomization | |
Image Randomization | |
Force Image Randomization | |
Bottom-Up Randomization | |
Top-Down Randomization | |
High Entropy Randomization | |
PEB/TEB Randomization | |
Heap Hardening | Limited | Extensive
Header Encoding | |
Terminate on Corruption | |
Guard Pages | |
Allocation Randomization | |
Safe Unlinking | |
Header Checksums | |
/GS | |
Enhanced /GS | |
SafeSEH | |

[5] Miller, Matt and Johnson, Ken. 2012, July 25. Black Hat USA Exploit Mitigation Improvements in Windows 8. Retrieved from

The inclusion of these additional DiD features results in an increased level of difficulty for attackers wishing to take over a system. They no longer just need an exploit in an application; they must now have an exploit combined with techniques to circumvent the DiD features. While these circumventions exist, every step that makes it more difficult for attackers is another chance for defenders to catch them.

Hidden costs in maintaining older systems

While the adage "If it ain't broke, don't fix it" may ring true in many situations, it is often the opposite case for computing systems. Some reports indicate the cost of maintaining older systems is 1.6 times the cost of replacement [9], especially for small- and medium-sized enterprises. The investment of capital needed to replace outdated servers may be daunting at first, but in the end, you may actually be saving money by getting new hardware and the new software that comes with it.

Where to go from here

For those who are still running Windows Server 2003, there are a few options.

Get a Custom Support Agreement

For those who cannot migrate away from Windows Server 2003, there is an option that will provide security updates after support ends, for a price. Microsoft offers Custom Support Agreements (CSA) for products that have reached their end of support date. For customers who enter into a CSA, Microsoft will produce security patches for what they deem critical-class vulnerabilities [10]. Patches for important severity issues may also be provided; however, these are only produced if the customer pays extra. By Microsoft's own estimate, a CSA agreement will run in the neighborhood of over $200,000 US a year [11]. In the past, the price for a CSA has risen year-over-year, meaning that it is likely this cost will only go up. This option should be viewed as a stopgap measure to keep servers up-to-date while a larger migration plan is put in place.
Continuing to pay for support is not economically sustainable year-over-year.

Migrate to a newer version of Windows Server

Moving to the latest version of Windows Server gets you to a supported state with access to the latest features in both functionality and security. This may seem like the obvious choice, but it is not without problems as well. According to Microsoft, the average migration time is over 200 days [12]. There is also the issue of finding all of the servers needing to be replaced within an enterprise. This may sound simple, but physically locating every server of a specific type within a large enterprise can be surprisingly difficult.

end-of-life-is-coming-on-the-july-14th-2015.aspx

Migrate to Linux

For some companies, migrating servers from Windows to Linux is a viable option. Linux is currently deployed on 36.4% of existing web sites [13] and can work equally well in an enterprise scenario. Modern Linux systems also provide many DiD features similar, but not identical, to those found in modern versions of Windows Server. While a new Windows server may require new hardware, a version of Linux exists that will run on your existing systems. This option will not be practical for all enterprises currently running Windows Server 2003, but for a subset of these people, the potential cost savings of moving to Linux dictate at least considering the option.

Hope for the best

For those without compliance issues, the option to do absolutely nothing still exists. If everything works well within your enterprise, just keep running it and hope that attackers, regulators, shareholders, and everyone else never notice the operating system used for their business transactions is well over a decade old. This also ensures you won't struggle implementing any of the new features modern operating systems allow. Technologies like Hyper-V, hybrid and public cloud, BYOD and mobile device management, and numerous defense-in-depth measures will never become an implementation problem because Windows Server 2003 simply will not support them.

Conclusion

With the impending end of support for Windows Server 2003, enterprises need to take action. "It still works" is no longer an excuse for running an outdated operating system. After July 14, 2015, Windows Server 2003 will no longer receive free security updates. In addition to potential long-term cost savings of replacing rather than maintaining older hardware, modern OSes offer defense-in-depth technologies not found on Windows Server 2003. Running an unsupported OS will also lead to issues with regulatory compliance. To prepare for this date, administrators need to determine which course of action they will choose.
Some may decide a custom support agreement and paying for patches is their best course of action until they can implement a long-term solution. Others may choose to migrate to a newer, supported version of Windows Server, or even to a supported version of Linux. In all reality, doing nothing to prepare for this date is simply not an option. Attackers will not stop targeting systems that are running Windows Server 2003 simply because it is no longer supported. Vulnerabilities in Server 2003 will continue to be found as well, even if they are disguised as bugs in newer server platforms. As we move further away from the end of support date, the risks of continuing to run Windows Server 2003 will only increase and the costs of keeping it in an enterprise will become too great to justify.

By July 2015, Windows Server 2003 will be over 12 years old. That is a remarkable feat for any piece of technology, but it is time to retire the product and move on. Modern OSes provide security updates, a better set of features, and a more robust security strategy. Continuing to hold on to the past will stagnate an enterprise's ability to take advantage of new technologies such as hybrid cloud solutions and mobile device management. The July date is fast approaching. There is no better time than now to plan how your servers and enterprise will look in the next decade.
More informationINTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET)
INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 ISSN 0976 6367(Print) ISSN 0976 6375(Online) Volume 3,
More informationCloud Backup and Recovery
1-888-674-9495 www.doubletake.com Cloud Backup and Recovery Software applications and electronic data are the life blood of a business. When they aren t available due to a disaster or outage, business
More informationAzul's Zulu JVM could prove an awkward challenge to Oracle's Java ambitions
Azul's Zulu JVM could prove an awkward challenge to Oracle's Java ambitions Analyst: John Abbott 26 Feb, 2014 Azul Systems, best known for its Zing scalable Java runtime, has been introducing a new product
More informationStreamline Your Windows OS Migration with Novell Endpoint Lifecycle Management Suite
Technical White Paper Endpoint Management Streamline Your Windows OS Migration with Novell Endpoint Lifecycle Management Suite Table of Contents page Windows 7: The Fastest, Most Widespread OS Migration
More informationSMART PREPARATION FOR DATA CENTER MIGRATION
SMART PREPARATION FOR DATA CENTER MIGRATION There are several common reasons why a data center migration could become necessary. As existing infrastructure ages and service contracts expire, companies
More informationMicrosoft Baseline Security Analyzer (MBSA)
Microsoft Baseline Security Analyzer Microsoft Baseline Security Analyzer (MBSA) is a software tool released by Microsoft to determine security state by assessing missing security updates and lesssecure
More informationSimplify Your Windows Server Migration
SOLUTION BRIEF: ENDPOINT MANAGEMENT........................................ Simplify Your Windows Server Migration Who should read this paper Windows Server 2003 customers looking to migrate to the latest
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationWindows Server 2003 migration: Your three-phase action plan to reach the finish line
WHITE PAPER Windows Server 2003 migration: Your three-phase action plan to reach the finish line Table of contents Executive summary...2 Windows Server 2003 and the big migration question...3 If only migration
More informationAltiris IT Management Suite 7.1 from Symantec
Altiris IT 7.1 Achieve a new level of predictability Overviewview Change is inevitable for IT and it comes from several sources: changing needs from lines of business, managing and supporting too many
More informationCriteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
More informationIntelligent End User Compute Strategy. Ted Smith Nigel Brown
Intelligent End User Compute Strategy Ted Smith Nigel Brown Introduction Microserve Technical Service Managed Services Professional Services BCNet provider of Desktops, notebooks, tablets, displays, print
More informationAdobe Flash Player and Adobe AIR security
Adobe Flash Player and Adobe AIR security Both Adobe Flash Platform runtimes Flash Player and AIR include built-in security and privacy features to provide strong protection for your data and privacy,
More informationCPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT
26579500 CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT Version 2.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 About this document This document describes the features, testing and deployment
More informationRelocating Windows Server 2003 Workloads
Relocating Windows Server 2003 Workloads An Opportunity to Optimize From Complex Change to an Opportunity to Optimize There is much you need to know before you upgrade to a new server platform, and time
More informationDeep Security Vulnerability Protection Summary
Deep Security Vulnerability Protection Summary Trend Micro, Incorporated This documents outlines the process behind rules creation and answers common questions about vulnerability coverage for Deep Security
More informationDeputy Secretary for Information Technology Date Issued: November 20, 2009 Date Revised: December 20, 2010. Revision History Description:
Information Technology Policy Commonwealth of Pennsylvania Governor's Office of Administration/Office for Information Technology ITP Number: ITP-SYM008 ITP Title: Server Virtualization Policy Issued by:
More informationPlanning and Administering Windows Server 2008 Servers
Planning and Administering Windows Server 2008 Servers MOC6430 About this Course Elements of this syllabus are subject to change. This five-day instructor-led course provides students with the knowledge
More informationManaging the Risks of Running Windows Server 2003 After July 2015
G00263054 Managing the Risks of Running Windows Server 2003 After July 2015 Published: 1 April 2014 Analyst(s): Carl Claunch Windows Server 2003 and Windows Server 2003 R2 reach the end of their extended
More informationA BETTER SOLUTION FOR MAINTAINING HEALTHCARE DATA SECURITY IN THE CLOUD
CONTINUOUS MONITORING A BETTER SOLUTION FOR MAINTAINING HEALTHCARE DATA SECURITY IN THE CLOUD Healthcare companies utilizing cloud infrastructure require continuous security monitoring. Learn how to prevent
More informationEugene Tsyrklevich. Ozone HIPS: Unbreakable Windows
Eugene Tsyrklevich Eugene Tsyrklevich has an extensive security background ranging from designing and implementing Host Intrusion Prevention Systems to training people in research, corporate, and military
More informationThree Ways to Secure Virtual Applications
WHITE PAPER Detect, Scan, Prioritize, and Remediate Vulnerabilities Table of Contents Subtitle 1 Headline 3 Headline 3 Sub-Headline 3 ConcIusion 3 About BeyondTrust 4 2 2013. BeyondTrust Software, Inc.
More informationCompliance series Guide to meeting requirements of USGCB
Compliance series Guide to meeting requirements of USGCB avecto.com Contents Introduction to USGCB 2 > From FDCC to USGCB 3 > USGCB settings and standard user accounts 3 > Application compatibility 4 >
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationCourse: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems
Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding
More informationITIL Asset and Configuration. Management in the Cloud
ITIL Asset and Configuration Management in the Cloud An AWS Cloud Adoption Framework Addendum September 2015 A Joint Whitepaper with Minjar Cloud Solutions 2015, Amazon Web Services, Inc. or its affiliates.
More informationGuideline on Vulnerability and Patch Management
CMSGu2014-03 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Vulnerability and Patch Management National Computer Board
More informationWho moved my cloud? Part I: Introduction to Private, Public and Hybrid clouds and smooth migration
Who moved my cloud? Part I: Introduction to Private, Public and Hybrid clouds and smooth migration Part I of an ebook series of cloud infrastructure and platform fundamentals not to be avoided when preparing
More informationOpen Source Voting Systems
Presented to: 2015 State Certification Testing of Voting Systems National Conference Paul W. Craft Kathleen A. McGregor May, 19, 2015 Introduction One concern raised in the aftermath of Election 2000 was
More informationHow Traditional Physical Backup Imaging Technology Fits Into a Virtual Backup Solution
Virtualization Backup and Recovery Solutions for the SMB Market The Essentials Series How Traditional Physical Backup Imaging Technology Fits Into a Virtual Backup Solution sponsored by Introduction to
More informationModule: Sharepoint Administrator
Module: Sharepoint Administrator Mode: Classroom Duration: 40 hours This course teaches IT Professionals to design and deploy Microsoft SharePoint 2010. Course Outline: Module 1: Designing a Logical Architecture
More informationMICROSOFT SERVER LICENSING IN A VIRTUAL ENVIRONMENT. Brought to you by Altaro Software, developers of Altaro VM Backup
LICENSING MICROSOFT SERVER IN A VIRTUAL ENVIRONMENT Brought to you by Altaro Software, developers of Altaro VM Backup Compiled and written by Eric Siron Disclaimer Software licensing is a legal matter.
More informationUnderstanding & Improving Hypervisor Security
The Essentials Series: Security Concerns & Solutions Understanding & Improving Hypervisor Security sponsored by by Greg Shields Understanding & Improving Hypervisor Security...1 What Is the Hypervisor?...1
More information