Posts Tagged: ‘Security Risk’

Danger Ahead If You Are Still Using Microsoft Server 2003!

upgradeOn July 14, 2015, Microsoft ended support for their popular Server 2003 product range. The original Server 2003, the Small Business Server and updated Windows Server 2003 R2 are included in this end of support process. These Microsoft products support file and printer sharing, centralized desktop application deployment and secure Internet connectivity. Each of these products were aimed towards the small to medium-sized businesses.

Since Microsoft ended its support for Server 2003, they will no longer provide software patches or issue security updates. This is the case for any version of Server 2003. Continued use of Server 2003 constitutes operating your business on a dangerously outdated piece of equipment. It is no longer serviced and the manufacturer no longer provides parts for this product. You are putting yourself and your business in jeopardy if you continue to use this product and the risks will only escalate over time.

Why Would Anyone Continue to Use Server 2003?

Do you understand the risks of continuing to use Server 2003? Geeks On Call encourages you should take this situation seriously or your business could be negatively impacted resulting in significant consequences. You should consider the following information as you make your Server 2003 migration plan.

  • Compliance Issues: Continuing to use a non-supported software can result in compliance issues leading to the suspension of certifications. Your business can be seriously impacted via public notification of the organization’s inability to securely maintain its computer systems. This situation places customer information at risk and creates compliance problems for your business. This is turn will lead to legal issues that can seriously damage your business’ reputation. Is it worth it?
  • Security Risks: Security threats to your business should be one of your biggest concerns. Without the security provided by an updated operating system, both your personal and business data is vulnerable to spyware and harmful viruses. It’s very likely that malicious viruses will be unleashed when Server 2003 is no longer supported by Microsoft.
  • Upgrade Expenses: Everyone worries about costs and expenses. If you think an upgrade will be too expensive, then we suggest you think again. Most likely, the upgrade will cost less than the problems that will arise if you don’t upgrade.

What Are The Alternatives to Server 2003?

  • Office 365 –Microsoft offers a cloud hosted version of much of the server software product. Additionally, it can function with the full range of Office software that includes Word, PowerPoint, Excel and Email Outlook. Plus, if you subscribe via a monthly service structure you can avoid purchasing new hardware and also minimize on site running costs. These costs include rent, security, electricity and air conditioning.  A smooth migration to Office 365 requires professional technical management and ongoing administration, but IT support can more easily be outsourced.
  • Windows Server 2012 R2 – Windows Server 2012 R2 delivers a long list of improvements compared to Windows Server 2003. It’s a steep learning curve to move directly from Windows Server 2003 to Windows Server 2012 R2. Users are advised not to make an interim upgrade to Windows Server 2008. Back in January 2015, that product was also removed from mainstream support. That isn’t a solution.
  • Microsoft Azure –Microsoft developed Azure for IT integrators to host their server infrastructure centrally and control locally. Then software applications can be deployed and more easily managed on an individual basis.

Geeks On Call advises you to take this situation very seriously. If you need help developing a migration plan, Geeks On Call’s technology professionals are here to help.

Understanding the Heartbleed Bug

Posting Date: 04/10/2014  |   Filed Under: Internet, Security, Technology, Tips  |   2 Comments
Tags: , , ,

Yesterday an enormous exploit was announced impacting OpenSSL, the open-source software package extensively used to encrypt Web communications. They named this exploit the Heartbleed Bug. Many have questions about what this bug is, how it will impact them, and what they should do to protect themselves online. Hopefully this post will help you answer these questions and more about the Heartbleed Bug.

 
What is the Heartbleed Bug?
The Heartbleed Bug uncovers a vulnerability in the OpenSSL cryptographic library that permits attackers to access to highly sensitive data that is regularly protected by the SSL/TLS encryption methods. This sensitive data includes username, passwords, credit card numbers and information on virtual private networks (VPN’s).

 

What is does?
This noxious Bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” according to Heartbleed.com. The bug compromises the secret keys OpenSSL utilizes to encrypt online communications. With access to these secret keys, attackers are able to eavesdrop on communications, impersonate other users and steal information.

 

Who discovered it?
The Bug was uncovered a late last week by the Finnish security firm Codenomicon and analysts at Google who then revealed it on Monday. By mid-day Tuesday many websites stated they had already addressed the issue, or were in the process of upgrading their websites OpenSSL.

 

Are you at risk?
OpenSSL is the most commonly used open source cryptographic library and TLS implementation source to encrypt data on the Internet, so the answer is yes you are likely at risk. Popular social sites, your organization’s site, hobby and interest website, commerce or shopping websites and even government sites use OpenSSL and therefore may be impacted by this Bug.

 

What should you do to protect yourself?
Experts suggest that refraining from using the Internet for 2-3 days, specifically from accessing social sites, banking sites, and email accounts will give you the ultimate level of protection against the Heartbleed Bug. This is not realistic for most us, so it is suggested that you change all of your passwords once the OpenSSL update has been installed on the impacted website.

For more information visit www.Heartbleed.com.