Beyond Migration - Newsletter Autumn 2015

Newsletter Autumn 2015 l Page 01

Newsletter

Autumn 2015Windows Server2003 MigrationManagement

As mentioned in our blog

series, migrating anddecommissioning legacyWindows Server 2003workloads is no mean feat.For many organisations theproblem is not the operatingsystem, it is more an issue ofapplication dependenciesacross the estate. Now thesupport deadline has passedthe servers will becomemore vulnerable the longerthey are in service.

We believe the key tosuccessful server projects ishaving the right tools tomanage the Windows Serer2003 programme. Thereforewe provide specific WindowsServer 2003 functionalitywithin our software product“Lens”.

Lens automates discovery ofyour servers and applicationsmaking it far easier topredict costs and projecttimelines

Get in touch to learn more ortake part in a demonstration.

We’ve been busy at Beyond HQ developing a whitepaperthat discusses the main considerations when embarking ona Windows Server 2003 remediation programme. Wenoticed there was a lot of material on (a) the end of lifedeadline which has now passed and (b) a lot of technicalinformation. But little information available on projectmanagement approach which is critical considering thesensitive data and revenue generating apps that reside onthese servers. To download the whitepaper go to:

http://info.beyondmigration.com/windows-server-2003-elimination

The aim was to share some of our experience from the field but to alsodemonstrate that whilst it is possible to move workloads to newer platformslike Windows Server 2012 R2 it may also make sense to make use of existingcomputer systems – for instance an existing web farm on 2008.

We are also keen to hear back from others who are working in this field toshare ideas and approach and possibly meet to combine ideas. If this soundsof interest to you please do not hesitate to get in touch with Hutton athutton@beyondmigration.com.

LensLite – personal asset

management software

We believe asset management should not beexclusively for large corporate businesses. It iswell known that enthusiastic IT users have up to seven (yes, seven!)electronic devices. In our mind this will only increase with Windows 10being generally available. So we thought it would be really useful forindividuals to keep track of their devices. For free.

So we have recently launched a personal edition of our assetmanagement – LensLite. The main features are currently:

� Desktop computer configuration discovery

� Configuration History

� Windows 10 readiness checker

Why not try LensLite by going tohttp://lenslite.beyondmigration.com. We would loveto hear your feedback and ideas on how we canmake it more useful for you!

Windows Server 2003 White Paper

Newsletter Autumn 2015 l Page 02

Newsletter Autumn 2015

Critical patches that may affect Windows Server 2003

We recently took to making some videos and animationswhich are now online.

In this animation it provides an overview of our softwareproduct Lens:

And this video isa fictitious storyabout an ITmanager whodidn’t move hisservers to thecloud.

Should we be sticking to the day job? Let us know whatyou think and if you have any other subjects we couldmake a video about.

Lens Animation and Cloud Video

on a serious note,we were curioushow many patcheshave been releasedsince WindowsServer 2003stopped beingsupported andpatched byMicrosoft.Specifically we areinterested in thepatches that havebeen released for allversions ofWindows – as thiswould implyWindows Server2003 is alsosusceptible to thesame vulnerabilities.But 2003 is notactively beingpatched.

See the infographicbelow for moredetails.

how VulNerAble Are your wiNdows serVer 2003 workloAds?

11 23 7

1

Microsoft Windows Server 2003 reached End of Life on July 15th, 2015. Since that time Microsoft have released patches for vulnerabilities for allversions of Windows - other than Windows Server 2003.

Meaning Windows Server 2003 is already susceptible to the un-patchedvulnerabilities highlighted below.

Vulnerability in microsoft font driver could Allow remote code execution

https://technet.microsoft.com/library/security/MS15-078

Vulnerabilities in microsoft graphics component could Allow remote code execution

https://technet.microsoft.com/library/security/MS15-080

Vulnerabilities in Xml core services could Allow information disclosure

https://technet.microsoft.com/library/security/ms15-084

security update for internet explorer

https://technet.microsoft.com/library/security/MS15-093

DENIAL oF SERVICEA denial of service (DoS) attack is anincident in which a user or organization isdeprived of the services of a resource theywould normally expect to have. In adistributed denial-of-service, large numbersof compromised systems (sometimes calleda botnet) attack a single target.

BypASSAuthentication Bypass may be amechanism put in place by an attacker, aflaw in the design, or an alternate accessroute left in place by developers. Abypass that is purposefully put in placeasa means of access for authorized usersis called a back door or a trap door.

xSScross-site scripting (xSS) isa security exploit in whichthe attacker insertsmalicious coding into a linkthat appears to be from atrustworthy source. Whensomeone clicks on the link,the malicious codeexecutes on user'scomputer, typicallyallowing the attacker tosteal information.

REMoTE CoDE ExECuTIoNVulnerabilities can provide an attackerwith the ability to execute maliciouscode and take complete control of anaffected system with the privileges of theuser running the application. Aftergaining access to the system, attackerswill often attempt to elevate theirprivileges.

VulNerAbilities PAtched for All

oPerAtiNg systems other thAN 2003

www.beyondmigration.comEmail : info@beyondmigration.com

0800 622 6719@BeyondMigrationwww.facebook.com/BeyondMigration