In addition to the dark cloud of a tax deadline, this year April will bring another headache: the end of Microsoft’s support for Windows XP on April 8. After that date, Windows XP computers will be more susceptible to malware and viruses since Microsoft will no longer address major holes in the software. Some large enterprises may struggle just to identify which devices are running Windows XP so they can upgrade them. Infoblox technology can help with this task.
According to Microsoft:
“After April 8, 2014, there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.
Running Windows XP SP3 and Office 2003 in your environment after their end of support date may expose your company to potential risks, such as:
- Security & Compliance Risks: Unsupported and unpatched environments are vulnerable to security risks. This may result in an officially recognized control failure by an internal or external audit body, leading to suspension of certifications, and/or public notification of the organization’s inability to maintain its systems and customer information.
- Lack of Independent Software Vendor (ISV) & Hardware Manufacturers support: A recent industry report from Gartner Research suggests ‘many independent software vendors (ISVs) are unlikely to support new versions of applications on Windows XP in 2011; in 2012, it will become common.’ And it may stifle access to hardware innovation: Gartner Research further notes that in 2012, most PC hardware manufacturers will stop supporting Windows XP on the majority of their new PC models.”1
The lack of Windows XP support will be felt all over the world: 29 percent of computers across the globe are still running Windows XP, according to NetMarketShare. And it will present a particular problem for enterprises: Forrester Research estimates that 20 percent of North American and European corporate computers are still running Windows XP. 2
With the increased security and compliance risks, enterprises will have to take a proactive approach to finding and remediating all of their Windows XP assets. The first challenge is simply finding all of the Windows XP machines, which can be especially difficult in a widely distributed enterprise.
This is an area where Infoblox technology can help. For example, an enterprise customer in the healthcare industry is using Infoblox technology to do the heavy lifting of identifying all of its Windows XP devices. The PCs running Windows XP in this enterprise get their IP addresses through the DHCP service. Infoblox NIOS 6.7 introduced a non-intrusive method of using DHCP fingerprinting to identify devices requesting an IP lease. This fingerprint can identify machines that are running Windows XP.
The process is actually pretty simple using Infoblox Smart Folders. These folders give cross-sectional data views, which narrow the scope of data presented using filters and Boolean logic. More than 50 different filters can be applied in a virtually unlimited number of combinations. The slicing and dicing of the data using Smart Folders provides powerful logic by getting to the core of what network teams monitor and control.
In the case of the healthcare enterprise, a Smart Folder is created to collect all devices that fingerprint as a Windows XP machine. Over the course of a few weeks, all of the Windows XP machines request a new or renewed DHCP IP address. The Smart Folder is populated with the device’s information each time a device fingerprints as a Windows XP device.
By selecting the device’s IP address in the Smart Folder, network administrators are provided the details of the device to help physically locate it.;
Finding the Windows XP devices through DHCP fingerprinting is the first step. Network administrators still must seek out any Windows XP devices with fixed IP addresses. Although it is rare that a Windows PC will have a fixed IP address, it is possible, and network administrators must ensure all Windows XP devices are found and dealt with.
Infoblox Network Insight enhances DDI by discovering and integrating network device data. Having integrated network device information provides network administrators the ability to get end-host information for fixed-address devices. Although the N-Map data is not as granular as DHCP fingerprinting, Windows XP devices can be detected. This additional device information can flag Windows devices that have fixed IP addresses. Those devices then can be investigated to determine if they are Windows XP devices. The network administrator can call this project complete only after all DHCP fingerprinted devices are remediated and the select few with fixed IP address devices are investigated and dealt with.
This will completely eliminate the risk associated with Windows XP and its lack of support after April 8.
- http://www.microsoft.com/en-us/windows/enterprise/endofsupport.aspx
- Microsoft is about to take Windows XP off life support; Adrian Covert; CNNMoneyTech January 29, 2014: 7:11 AM ET