It’s not Skynet (yet), but securing our environments is still very important in today’s cyber threat landscape

Submitted by Rob Schmidt, WashU IT Systems Engineer IV

 

In the early days of pre-Internet computers, systems were isolated.  If someone said there was a cyberthreat, people would think of Skynet in the Terminator universe.  Now, cyber threats are a daily part of life.  An important part of securing the university against those threats, is to ensure that operating systems, databases, and applications are patched against the latest discovered vulnerabilities.

Microsoft has put a stake in the ground for SQL Server 2008 and Windows Server 2008, stating that they would end general support for these servers on July 9, 2019 and January 14, 2020, respectively.  After that date, Microsoft will only provide a limited time, additional cost support.  The end is coming.

In WashU IT, we support 153 SQL 2008 Servers and 691 Windows 2008 Servers that fit this scenario.   Two years ago, Darrell Dohrman as project manager, and Jim Johnson as technical lead, began the process of addressing SQL Server 2008 servers (project start & finish: 7/26/17 – 7/31/19).  Six months later, they began the project to act on the Windows 2008 servers (project start & finish: 1/15/18 – 1/31/20).  A large part of these projects is preparing customers and testing to ensure there’s no service impact.  So, a big thanks goes out to the Enterprise Applications and department IT staff who’ve worked diligently with Shared Infrastructure (SI) to ensure a smooth transition.

As a part of that mitigation process, business owners and application owners of those servers were presented with multiple options:

  • Option #1: Upgrade the server in-place, which historically had been a risky proposition.  The system engineers have been skillful in lessening that risk and the potential downtime.
  • Option #2: Retire the server, which could be retiring the database and/or application OR migrating that database and/or application into a shared environment.  Shared SharePoint farms and Shared SQL Server database environments are good examples of this type of migration.
  • Option #3: Replace with newer versions of Windows and SQL Server, and migrate the database and/or application to those new servers.
  • Option #4:  Purchase the limited time, additional cost support.
  • Option #5:  If possible, isolate that database and/or application, from a network perspective, and get a limited time InfoSec exception approval.

Of course, with technology, challenges can come out of left field.  VAM, the Vendor Application Management group led by Dave Leisure, had several applications that were not supported on the later versions of Windows or SQL Servers.  Dave had to work with those vendors, prodding and poking, to get them to create new versions of their applications that were supported on newer versions of Windows and SQL Server.

Why is all of this important to you?   WashU, as an organization, relies on technology every day to help us with our missions of teaching, research, and patient care.  It’s too much of a connected world and too risky to not be vigilant against cyber security risks.  We have to take the time and be prepared to keep our technology up to date.  And a big base for that technology stack is the Operating System and Database Management system.

Microsoft ends support for SQL Server 2012 and Windows Server 2012 in 2022 And 2023, respectively. Work with your business owners to plan ahead to ensure you’re prepared to account for the maintenance (lifecycle management) associated with keeping these servers up to date.