Your Source for Security Cameras & Other Security Equipment

Secuirty Risks

Obsolete Tech Security

While it is a testament to the quality of the product, systems that have maintained their performance over many years may eventually pose a risk to your business. Although they may be working fine, if the manufacturer discontinues support for that product and you continue to use it, your security risks will steadily increase. Because support is eliminated, your system will no longer receive the necessary updates and patches, leaving your system vulnerable to hackers.

A great example of this is the case with Windows Vista. Moving forward, it will no longer be supported, thus no further security updates or functionality fixes will be provided. Security risks run high the longer you leave these unsupported systems within your business.

End-Of-Life Technology
There are many cases that prove the high risks of end-of life technology. Recently, a remote code execution (RCE) vulnerability in Microsoft’s Internet Information Server (IIS) version 6 and proof-of-concept (PoC) exploitation was found. The extended support for IIS 6 ended in July 2015, meaning systems could have been upgraded in the two years since then. However, “independent web server surveys suggest that IIS 6.0 still powers millions of public websites” on at least 300,000 public servers.

Since evidence of exploitation of this IIS 6 vulnerability was found over a year after the end of support, hackers are likely to use the PoC technique to take advantage of the flaw. Once hackers have gained access, they can navigate their way through the system to exploit various aspects. Hackers may compromise the IIS 6 server, extract intelligence and use that and its resources to compromise more systems and possibly escalate privileges. Furthermore, anything hosted by the IIS 6 server machine becomes at risk.

How To Manage End-Of-Life Risks
Protection should begin with the basics of risk management and technology planning. Companies should actively manage risks in regards to maintaining and securing obsolete technology versus the cost of upgrading the system. While vendors often give early notices of end-of-life milestones, these things should be considered early on.

When considering your risks, ask yourself these questions:

  • How many obsolete technology and devices are still in your network?
  • What do they do in terms of your business?
  • What systems do they communicate with?

Once you have the inventory, the next step is basic risk and cost analysis:

  • What’s the risk if they are ever compromised?
  • What’s the cost to update them and their applications?

It may be hard to decide whether to keep your old equipment or upgrade, especially for those with tight budgets. Sometimes the cost of maintaining obsolete technologies is about the same or more than replacing the system all together, which is why all aspects should be taken into consideration.

Upgrading
As mentioned, the change-of-platform planning should be discussed during the design process. If not, the end-of-life notice from the vendor should serve as a reminder to begin planning transitions for all systems, clients, servers, and other invisible back-end and interconnected systems that may be forgotten. And not only does IT staff need to be on top of these things, but everyone who would be affected by a system transition should be made aware of impending changes.

End-of-life tech issues are much more complex than they appear. Because the IT industry is so widely diverse, the products and tech often expire quickly. Because of this, conscious planning for this is crucial.
You should maintain inventory and thoroughly map the connected systems and their value to help any future upgrades.

Does your business have a change-of-platform plan should your technologies reach their end-of-life sooner than later? Share your ideas with us on Facebook, Google+, Twitter, LinkedIn, and Pinterest.

Find a great selection of CCTV surveillance packages, security cameras, and more at SecurityCamExpert.com. Call 888-203-6294 to learn more about our products and services.

Recent Comments