Running outdated OS and applications? You are inviting risk!
Most organizations have spent enormous effort and money building up defenses against external attacks. Equally important is how we secure our internal assets from various threats on an ongoing basis. The presence of unsupported operating systems and applications within the enterprise is one such major threat, and it is often neglected or missed.
In the recent global Conficker outbreak, many customers found infections on unsupported operating systems that were impossible to patch, because Microsoft patches were not available for them. The reason: those operating systems had already completed their 5-year Microsoft support, passed through extended support, and fallen into the category of "retired" OS. Such unpatched, unsupported systems are not limited to Microsoft environments; they are equally present in other flavors such as Linux and Mac. They are safe homes for viruses, Trojans and bots, and pose a significant risk to the organization by themselves. Quite interestingly, most of these legacy or old systems will not be seen in DNS. Continuous measures need to be taken to identify such systems and applications and get them decommissioned!
These systems or applications are present in most organizations for various reasons:
- LEGACY: A good number of them were used to run legacy applications and have since been forgotten, abandoned, or simply never upgraded for lack of interest.
- BUNDLED DEVICES: Others are still in use inside embedded applications and controllers such as security cameras and printers. It is quite possible that individual risk assessment of these components gets left out.
- BUSINESS REQUIREMENT: There may be a business need for such a system to support a specific application. It is an unseen risk until the organization analyzes the threat it can bring in.
The situation is a little scary when they are found in critically risky environments (such as thermonuclear plants, hydroelectric plants, real-time systems, defense, medical systems, and government establishments), where the risk associated with such bundled products is enormously high.
Management should take the initiative to ensure that these systems are identified and tackled, and this should be an ongoing activity. Asset management can help greatly here if it is well planned and designed: a good asset management process keeps track of unused desktops and servers, hosts assigned to employees who are no longer with the organization, and so on. It also helps in building a formal end-of-life (EOL) strategy for the proper disposal of unsupported OS and applications.
Enterprises should have a migration plan for moving off unsupported OS or applications six months prior to support expiry. If business demands their presence after EOL, specific measures should be taken to mitigate the associated risk. These include isolating the system from the rest of the network, or obtaining third-party support, while ensuring that such support covers vulnerability assessment and security patch development. For bundled products (printers, security cameras, etc.) under support, vendors should be held responsible for addressing issues. If open source software products are used in a production environment, special care should be taken to identify the threats they may bring in; it is the project management team's responsibility to ensure that these open source products are free from any critical vulnerabilities. Legacy systems found running an unsupported operating system or application should be analyzed quarterly for their business justification. Hardware and software support contracts should be reviewed to ensure they are within EOL.
Identifying unsupported systems on the network will continue to be a challenging task until such measures are taken. Nessus has come out with a few plugins to detect unsupported operating systems, covering Windows NT 4.0, Windows 95/98/ME, unsupported versions of Microsoft Exchange Server, Mac OS X, and unsupported Unix and Linux. With good asset management and proper management support, this risk can be addressed to a great extent.
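As an added example (not part of the original post), here is a small Python check that applies the rules above to an asset inventory: it flags hosts whose OS is past its end of support, hosts inside the six-month migration window, hosts with no owner on record, and hosts the inventory knows but DNS does not. The inventory, the DNS name list and the EOL dates are constructed sample values for this example; take real lifecycle dates from the vendor's support pages.

```python
from datetime import date, timedelta

# Constructed sample EOL table: product -> end of extended support.
# These dates are sample values for the example, not an authoritative list.
EOL_DATES = {
    "Windows NT 4.0": date(2004, 12, 31),
    "Windows 98": date(2006, 7, 11),
    "Windows 2000": date(2010, 7, 13),
    "Windows XP": date(2014, 4, 8),
}

# Start migration planning roughly six months before support expires.
MIGRATION_WINDOW = timedelta(days=182)

def classify(product, today):
    """Lifecycle status of one product as of `today`."""
    eol = EOL_DATES.get(product)
    if eol is None:
        return "unknown"          # not in the table: needs a manual lifecycle lookup
    if today > eol:
        return "unsupported"      # retired: no vendor patches, isolate or decommission
    if today + MIGRATION_WINDOW >= eol:
        return "plan-migration"   # inside the six-month window before expiry
    return "supported"

def review(inventory, dns_names, today):
    """Return (hostname, os, status, flags) for every inventory entry."""
    report = []
    for host in inventory:
        flags = []
        if host["hostname"] not in dns_names:
            flags.append("not-in-dns")   # legacy boxes often never made it into DNS
        if host.get("owner") is None:
            flags.append("no-owner")     # nobody to justify the system quarterly
        report.append((host["hostname"], host["os"], classify(host["os"], today), flags))
    return report

# Constructed sample inventory and DNS zone contents.
SAMPLE_INVENTORY = [
    {"hostname": "cam-lobby-01", "os": "Windows NT 4.0", "owner": None},
    {"hostname": "app-legacy-02", "os": "Windows 2000", "owner": "finance"},
    {"hostname": "ws-0117", "os": "Windows XP", "owner": "jdoe"},
    {"hostname": "ctl-hvac-03", "os": "VxWorks 5", "owner": None},
]
SAMPLE_DNS = {"app-legacy-02", "ws-0117"}

if __name__ == "__main__":
    for row in review(SAMPLE_INVENTORY, SAMPLE_DNS, date(2009, 6, 1)):
        print(row)
```

Hosts reported as "unknown" deserve as much attention as "unsupported" ones, since an OS missing from the lifecycle table is usually a bundled device nobody has assessed.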