Secure Windows XP use after support Ends – Best Practices

If you have to continue running Windows XP in your IT environment even though Microsoft has ended its support, you are not alone. It is estimated that between 20%-25% of enterprise still run Windows XP and at least 10% of their systems.

One of the main reasons why rapid migration is not an option is because applications that include browsers cannot be migrated to a later OS, and this acts as an inhibitor to upgrading. Embedded XP systems such as POS devices can also be impacted as they cannot be rapidly migrated either.

Microsoft are not explicit about XP’s perceived vulnerabilities, unless you happen to be a Premium customer with a Custom Support Agreement (CSA) so you will have to seek assistance from third parties.

Reverse Proxy

KEMP Technologies offers LoadMaster load balancers that are able to aid risk mitigation due to their layered protection features. One of the key LoadMaster features is support for reverse proxy services between terminating end points to reduce the risk of peer-to-peer security attacks. The KEMP Load Master communicates to the users web browser and then in turn communicates with the other party meaning that the XP client’s identity is not exposed and SSL termination is executed by the LoadMaster.

Intrusion Prevention

As an advanced security feature, KEMP’s LoadMaster range of products provide an ADC (application delivery controller) with an Intrusion Prevention System (IPS) supplied as a standard feature. IPS provides on-line protection for bandwidth as well as XP clients and servers and provides intrusion alerts in real time in order to mitigate and deal with malicious attacks and the attempted isolation of servers that are considered at risk.

Additionally, LoadMaster’s Edge Security Pack adds additional layers of protection to your application environment, including two-tier and endpoint user authentication. LoadMaster offers core security features such as SSL bridging for secured traffic flows, customizable ciphers for SSL negotiation, and TCP connection termination, providing a trusted pathway for customers to securely publish  applications.

Tags: