Featured Posts

<< >>

Clock Ticking on Server 2003 Deployments

Now that everybody has worked Windows XP out of the PC fleet (LOL), another Redmond deadline looms. Microsoft (MSFT) will be ending all support on the venerable workhorse of many organizations, Windows Server 2003. Windows Server 2003 (and R2) will cease to be supported by Microsoft on July 14, 2015. Yeap that is less than one year.

Coffee v. Beer

One of my favorite non-Tech blogs is I Love Coffee. The author is Ryoko Iwata, a self-described caffeinated Japanese woman living in Seattle. It is full of infographics, facts, quizzes, and other fun visual stuff about coffee and sometimes sushi. This infographic breaks down how two vital elixirs: coffee and beer affect your creativity and

Passed Comptia Security+

I passed the CompTIA Security+ test this week! Another item for the resume.

Top Troll Reloads

It’s been a good year for patent trolls, and now the biggest troll of them all wants to keep the party going reports Jeff John Roberts at GigaOM. He points to a report reveals that Intellectual Ventures has acquired more than 200 new patents, which will help IV extend its legal tentacles in fields like

Many Ex-employees Can Still Access Privileged Info

 InfoSecurity Magazine recently published an article which blames cavalier attitudes about password management for a new era of data breaches. The article says that a fundamental lack of IT security awareness in enterprises, particularly in the arena of controlling privileged logins, is potentially paving the way for a further wave of data breaches. The author

Clock Ticking on Server 2003 Deployments

Clock Ticking on Server 2003 DeploymentsNow that everybody has worked Windows XP out of the PC fleet (LOL), another Redmond deadline looms. Microsoft (MSFT) will be ending all support on the venerable workhorse of many organizations, Windows Server 2003. Windows Server 2003 (and R2) will cease to be supported by Microsoft on July 14, 2015. Yeap that is less than one year.

Windows Server 2003 logoPaul Mah at FierceCIO explains that Windows Server 2003 will be end-of-support phase on July 14, 2015, and will no longer be updated with security patches and bug fixes. He points out that companies that continue to run Windows Server 2003 July 14, 2015 will start to fail standard compliance audits. Regulations such as HIPAA, PCI and SOX requires regulated industries to run on supported platforms. Michael Cobb at SearchSecurity reminds us that most compliance and regulatory standards consider running end-of-life software as a control failure.

FierceCIO estimates that custom support agreements for Windows Server 2003 will have a hefty price tag of $200,000 per year. The article quotes Brad Anderson, Microsoft corporate vice president of Windows Server and System Center, “If new issues do happen to be found, the only way to receive additional updates will be through a custom support agreement.”

End of LifeCompliance considerations aside Windows Server 2003 would have been in operation for 12 years at that point. The article says companies that continue to use an unsupported platform could find support for some server applications suspended–including all Microsoft applications.

Microsoft is expecting a large number of existing deployments to be migrated to its latest Windows Server 2012 platform. This mandatory migration could help MSFT with its market share against is virtual nemesis VMware (VMW). Mr. Anderson says a lot of Server 2003 machines need to be upgraded.

The fact of the matter is that there is a significant amount of Windows Server 2003 to upgrade around the world. We estimate that there are more than 15 million physical servers that are likely to be upgraded over the next 12 months.

Microsoft Hyper-V logoMigrating millions of servers to Windows Server 2012 give Microsoft’s virtualization technology, Hyper-V, a big boost, noted eWeek. This is because Windows Server 2003 doesn’t have any virtualization technology baked in, unlike Server 2012 which comes with Hyper-V for support for up to 1,024 active virtual machines (VM) and up to 1TB of memory per VM.

The clock is ticking though for companies looking to make the switch. The FierceCIO article reports the average Windows Server migration takes 200 days. This means that organizations looking to get started very soon, or risk running out of time.

Over at SearchSecurity, Michael Cobb, CISSP, offers a starting point for migrating from Windows Server 2003.

Start upgrading nowStart now - Mr. Cobb warms that phasing out Windows Server 2003 will be a complicated process there are choices that must be made that will affect infrastructure strategies for the foreseeable future.

Hosted Services – Organizations using hosted services will have no choice but to update their legacy software. Mr. Cobb says providers will ultimately force customers to upgrade from Windows Server 2003 so that they can continue to provide the support and security promised in their service-level agreements.

Enterprises have a couple of upgrade options when it comes to retiring Windows Server 2003 according to Mr. Cobb.

  • Changing from Windows to a Unix-based OS won’t realistically be an option for many enterprises, as their key applications will only run on a Windows machine. Because application compatibility and a lack of in-house skills are likely the overriding issues, Unix is not an option for most companies.

  • Going to Windows Server 2012 - While it is the latest Microsoft server OS, it can’t run 16-bit Windows-based applications, and 32-bit applications must be run in an emulator, making this option also unattractive because of compatibility issues according to the author of www.hairyitdog.com.
  • Windows Server 2003 x64 Edition - Enterprises already running 64-bit applications on should consider upgrading their hardware and moving straight to Windows Server 2012.
  • Windows Server 2008 - Since Windows Server 2003 servers are likely to be running on old hardware, this upgrade route — while cheaper short-term — will probably just delay legacy hardware and software issues to a later date as both will need replacing prior to 2020 when Windows Server 2008 reaches the end of its extended support period.

SearchSecurity offers these starting points:

  • Start rewriting old applications now so the inevitable problems and errors can be sorted out. It is also a great opportunity to not only improve security and stability, but also add much-needed new features to enterprise systems.
  • Contact vendors now about 64-bit versions of key application software. If vendors have no plans to offer application upgrades, it’s time to start searching for replacements. Legacy software is always an attractive target for hackers, particularly if it is no longer supported by the original vendor.

Rewriting applications and upgrading licenses and hardware is complex, time-consuming and costly, but vulnerable systems and data could ultimately be even more expensive. CISSP Cobb warns that doing nothing is not an option. Enterprises must start planning their migration strategies now to avoid making hasty decisions once the reality of unsupported software has already disrupted operations.

rb-

De Ja Vu all over againWill the last-minute scramble to migrate from the Windows XP repeat itself all over again? To quote the immortal Yogi Berra, will it be déjà vu all over again.

The rule of thumb for successful migrations is to plan ahead, be thorough and don’t wait until the last-minute if it can be avoided.  Despite this fact, a survey by AppZero found that:

  • 57% of Microsoft customers are still running WS 2003
  • 94% of those running WS 2003 intend to migrate, but only 24% are ready to do so
  • 40% not sure of upgrade path

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

 

 

Coffee v. Beer

Coffee V. BeerOne of my favorite non-Tech blogs is I Love Coffee. The author is Ryoko Iwata, a self-described caffeinated Japanese woman living in Seattle. It is full of infographics, facts, quizzes, and other fun visual stuff about coffee and sometimes sushi. This infographic breaks down how two vital elixirs: coffee and beer affect your creativity and energy.

Your Brain on Beer Vs. Coffee

rb-

The obvious question is what happens if you make coffee with beer or beer from coffee?

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Passed Comptia Security+

I passed the CompTIA Security+ test this week! Security+_CE

Another item for the resume.

Top Troll Reloads

Top Troll ReloadsIt’s been a good year for patent trolls, and now the biggest troll of them all wants to keep the party going reports Jeff John Roberts at GigaOM. He points to a report reveals that Intellectual Ventures has acquired more than 200 new patents, which will help IV extend its legal tentacles in fields like wireless infrastructure and cloud computing.

Patent troll aquires more patentsGigaOM explains that IV’s peculiar brand of innovation involves acquiring old patents and using them to arm thousands of shell companies, whose sole business is to extract licensing fees from productive businesses.

News of IV’s restocked war chest, which Reuters says is partially funded by Microsoft (MSFT) and Sony (SNE) comes after earlier reports that initial investors, including Apple (AAPL) and Intel (INTC) declined to take part in IV’s newest trolling fund. According to the report, by law firm Richardson Oliver and spotted by IAM, the fund is on track since IV purchased 16 percent of all available patent packages in the first half of 2014. A chart by the firm suggests it paid $1-$2 million in most cases; here’s a partial look:

Patent Troll may target cloud computing next

Rampant  mobile phone patent trollingThe chart shows six patents related to the cloud computing industry, which has so far escaped the rampant patent trolling that has plagued mobile phone and app developers. The author speculates cloud computing could now be prime picking for IV in the coming year.

IV is well-positioned to exploit the patents thanks to Senate Democrats, who in May killed a bipartisan Patent reform bill that would have undercut many of the economic incentives for patent trolling according to Mr. Roberts. IV has also been active on the lobbying front, filing to start a PAC this year and donating sums of money to Senator Dick Durbin (D-Il), who is closely allied to the trial lawyer lobby that reportedly helped to derail reform.

Corrupt politcanGigaOM believes darker clouds could be looming for IV. They cite growing public skepticism towards patent trolls, who now account for 67 percent of all new lawsuits. The trolls have received harsh treatment from the likes of NPR and the New York Times, while the Supreme Court’s repeated criticism of slip-shod patents may finally be making it harder for companies to abuse them.

Meanwhile, respected tech figures like Marco Arment have lashed out at IV’s business model as “cowardly” while inventors like Tesla’s Elon Musk have questioned the value of patents to begin with.

rb-
Uh oh, the world’s biggest patent troll has restocked its weapons chest — and it looks like their next target will be cloud computing.

Many Ex-employees Can Still Access Privileged Info

 InfoSecurity Magazine recently published an article which blames cavalier attitudes about password management for a new era of data breaches. The article says that a fundamental lack of IT security awareness in enterprises, particularly in the arena of controlling privileged logins, is potentially paving the way for a further wave of data breaches.

Access filesThe author cites a survey from Lieberman Software of IT security professionals. In the survey 13% of IT security pro’s interviewed at the RSA Conference 2014 in San Francisco admit to being able to access previous employers’ systems using their old credentials.

Perhaps even more alarming is that of those able to access previous employers’ systems nearly 23% can get into their previous two employers’ systems using old credentials. And, shockingly, more than 16% admit to still having access to systems at all previous employers Lieberman reports. Philip Lieberman, CEO and president of the company, told InfoSecurity in an interview that he blames executives who are satisfied with only meeting minimum security requirements.

Investments in security for technology, people and processes have been meager, at best, in most organization for many years … many C-level executives have been strongly discouraged from implementing anything other than the minimum security required by law.

Staff leavingThe survey also showed a communications breakdown between the IT Pro’s and management. Nearly one in five respondents admit that they do not have, or don’t know if they have, a policy to make sure that former employers and contractors can no longer access systems after leaving the organization according to the article.

The survey also found that current employees are also a concern. The InfoSecurity article says that almost 25% of employees surveyed said that they work in organizations that do not change their service and process account passwords within the 90-day time frame commonly cited as best practice by most regulatory compliance mandates. Lieberman pointed out that users who run with elevated privileges can introduce all sorts of IT headaches by downloading and installing applications, and changing their system configuration settings. CEO Lieberman warned that an organization would be wise to strictly control and monitor the privileged actions of its users by:

  1. Get control over privileged accounts. Start by generating unique and complex passwords for every individual account on the network – and changing these passwords often (no more shared or static passwords).
  2. Make sure you’re securely storing current passwords and making them available only to delegated staff, for audited use, for a limited time (no more anonymous and unlimited privileged access – for anyone).
  3. Automate the entire process with an enterprise-level privileged identity management approach. Mr. Lieberman argues,. “when users exhibit poor behavior while logged into their powerful privileged accounts, you can be immediately alerted and respond to the threat.”

Head in the sandMr. Lieberman told InfoSecurity that In the wake of the Edward Snowden / NSA scandal and the Target breach, one would think that corporations would feel that minimizing the insider threat and the attempts of sophisticated criminal hackers to groom those with privileged accounts would be of tantamount importance. But, Lieberman cited a “half-life mentality of opening the pocketbook for security investments immediately after a data breach occurs, but then diminishing back to basic security after a few months.

rb-

When an employee leaves the company, it’s imperative to ensure that he or she is not taking the password secrets that can gain access to highly sensitive systems.

To back this up, Verizon’s 2013 annual Data Breach Investigations Report says that more than three-quarters (76%) of network intrusions relied on weak or stolen credentials – a risk that Verizon describes as “easily preventable”.

Creating Privileged Accounts:

  • Never issue direct access to Administrator or Root, create a unique alias.
  • Require password complexity, history and expiration.

Disabling Privileged Accounts:

  • Get the termination notice in writing from someone up the food chain before acting, then disable the account ASAP.
  • Disable the account, Lock the account, Change the password.
  • Don’t change the user name or delete the account until you are sure. Prematurely removing an Admin Account could break some applications or connectors.
  • Don’t forget about other accounts, email, VPN, wipe mobile devices, access control PINs.

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.