There is an increasing amount of buzz around Microsoft’s upcoming plan to stop releasing security patches for Windows XP. While the majority of the noise is doom and gloom, it is important to look at this from a practical perspective and figure out what an organization can do to see itself through this transition smoothly and safely.
As hard as IT teams try, they may not be able to migrate all Windows XP machines to Windows 7. Whether it is due to holdout executives who try to avoid change, or to software on ATMs, point-of-sale systems and in critical infrastructures that currently only support XP, organizations will be left with a number of Windows XP machines after the drop date on April 8, 2014.
In this slideshow, AlienVault, provider of unified security management solutions and crowd-sourced threat intelligence, will examine the five steps that an organization should take in order to mitigate the risks, even after they stop receiving the Windows XP security updates.
Limit access by other machines in your environment
Ensure that the Windows XP machines are placed on a dedicated network segment and limit access by other machines within the organization’s environment. Segmenting these machines minimizes the chances that they will be targeted and exploited. Organizations should be most concerned about the assets that are running their business systems. For example, in the recent breach at Target, the retailer’s point-of-sale terminals were running Windows XP Embedded. Cutting the terminals off from the rest of the network could have accomplished a lot.
Reduce the privileges of your existing user accounts
Oftentimes, the majority of exploits targeting desktop software, including Web browsers, Java, Adobe Flash and Adobe Reader, are mitigated when the user account is a standard user. Migrating an existing user account to a non-administrative account is a disruptive task, but organizations should still try to reduce the privileges of their existing user accounts.
Use an up-to-date browser
Organizations need to use a browser with a long-term support plan. If users are able to browse the Web from the Windows XP machine, they should at least use a browser that is up-to-date. If an organization decides to allow browsing, please remember to turn off the plug-ins.
Read email in an updated browser
While using an up-to-date browser (because you are following recommendation number 3, right?), an organization should leverage its email server’s Web front-end. Make sure to be conservative about the attachments that are downloaded and opened.
Always monitor your systems
Organizations need to always check their work and monitor their systems because after all, you do want to catch an incident before it turns into an issue. Make sure that you look out for command and control traffic, internal probing and increased network activity, in addition to other signs of an infection.
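As an added illustration of the monitoring step (not from AlienVault or the original slideshow), the Python example below checks one window of flow records from a dedicated XP segment for the three signs named above: off-policy external destinations, internal probing and increased network activity. The addresses, the allowed flow, the thresholds and the sample records are all constructed assumptions.

```python
import csv, io, ipaddress
from collections import defaultdict

# Assumed for illustration: addressing, permitted flows and thresholds.
XP_SEGMENT = ipaddress.ip_network("10.20.30.0/24")   # dedicated XP segment
INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # rest of the organization
ALLOWED = {("10.1.1.5", 443)}                        # only flow XP hosts need
PROBE_THRESHOLD = 4       # distinct off-policy internal targets per host
VOLUME_LIMIT = 500_000    # bytes per host per window before alerting

# Constructed sample flow records for one window: src,dst,dport,bytes
SAMPLE_FLOWS = """\
10.20.30.11,10.1.1.5,443,4200
10.20.30.12,10.1.2.1,445,120
10.20.30.12,10.1.2.2,445,120
10.20.30.12,10.1.2.3,445,120
10.20.30.12,10.1.2.4,445,120
10.20.30.13,203.0.113.50,8080,900
10.20.30.14,10.1.1.5,443,600000
10.1.9.9,10.1.2.1,445,120
"""

def analyze(flow_csv):
    """Return {xp_host: [findings]} for one window of flow records."""
    probes, external, volume = defaultdict(set), defaultdict(set), defaultdict(int)
    for row in csv.reader(io.StringIO(flow_csv)):
        if not row or ipaddress.ip_address(row[0]) not in XP_SEGMENT:
            continue                      # skip blanks and non-XP sources
        src, dst, dport, nbytes = row[0], row[1], int(row[2]), int(row[3])
        volume[src] += nbytes
        if (dst, dport) in ALLOWED:
            continue                      # on-policy flow: counts toward volume only
        if ipaddress.ip_address(dst) in INTERNAL:
            probes[src].add((dst, dport))
        else:
            external[src].add(dst)
    findings = defaultdict(list)
    for host, targets in probes.items():
        if len(targets) >= PROBE_THRESHOLD:
            findings[host].append(f"internal probing: {len(targets)} off-policy targets")
    for host, dsts in external.items():
        findings[host].append("off-policy external destination: " + ", ".join(sorted(dsts)))
    for host, total in volume.items():
        if total > VOLUME_LIMIT:
            findings[host].append(f"volume spike: {total} bytes")
    return dict(findings)

if __name__ == "__main__":
    print(analyze(SAMPLE_FLOWS))
```

Because the XP segment should only ever talk to a short list of servers, anything outside that list is worth reviewing, which is what makes segmentation and monitoring reinforce each other.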