@printerjammed Simply put, this is bad for so many reasons. Since you’re likely going to reject any direct reasons why this is bad, I’ll give you an analogy.
I’m going to take “and never update it” almost literally and assume you guys haven’t installed security patches since you first installed it, or stopped at some point long ago.
You’re essentially driving a 15 year old car that hasn’t had an oil change, brakes changed, or tires changed. There are known MAJOR safety recalls on the seat belts, airbags, and seats. You have refused to take your car in for free servicing under the recall and basically said, “It’s working fine now. It’s not worth the hassle scheduling an appointment at the mechanic. I’ll take my chances.”
But hey, “The car still gets me around and fits in my garage” you smugly think to yourself. “Why should I do anything different? It’s MY car and I’m only endangering myself here.”
Nope. Your car is endangering everyone else on the road. Bad brakes and tires are major risks for everyone around you. You can easily lose control and hurt or kill others on the road.
Bad seats, seat belts, and airbags means that occupants of your vehicle (your companies clients) can be injured or killed if they fail. Even if only YOURS fails, well…you’re the driver. Also, if you do crash and your seat belt fails, you’re now a projectile in the car and can injure or kill other passengers. I’ve seen this happen too many times as a firefighter and an EMT. Unseatbelted occupants are an enormous hazard.
Suffice to say your company is a vector for major attacks and vulnerabilities that not only will affect you, but your clients and potentially countless others who have nothing to do with your company since your server could be part of a botnet for all you know.
“bUt We HaVe OtHeR sEcUrItY cOnTrOlS aNd PrOpEr PrOtOcOlS fOr…” I’m going to cut you off here and straight up say: No. You don’t. The fact you still have Windows Server 2008 installed and refuse to even update it tells me enough about your entire IT department and policies.
Microsoft has not been providing public updates for that platform for years, it needs to be retired. If it’s a VM, take a snapshot and do an in-place upgrade, see what happens. Revert to snapshot if it doesn’t work out.
For real. We run windows server R 2008 or something at work, never update it. Works like a dream with our other less ancient servers
deleted by creator
@printerjammed Simply put, this is bad for so many reasons. Since you’re likely going to reject any direct reasons why this is bad, I’ll give you an analogy.
I’m going to take “and never update it” almost literally and assume you guys haven’t installed security patches since you first installed it, or stopped at some point long ago.
You’re essentially driving a 15 year old car that hasn’t had an oil change, brakes changed, or tires changed. There are known MAJOR safety recalls on the seat belts, airbags, and seats. You have refused to take your car in for free servicing under the recall and basically said, “It’s working fine now. It’s not worth the hassle scheduling an appointment at the mechanic. I’ll take my chances.”
But hey, “The car still gets me around and fits in my garage” you smugly think to yourself. “Why should I do anything different? It’s MY car and I’m only endangering myself here.”
Nope. Your car is endangering everyone else on the road. Bad brakes and tires are major risks for everyone around you. You can easily lose control and hurt or kill others on the road.
Bad seats, seat belts, and airbags means that occupants of your vehicle (your companies clients) can be injured or killed if they fail. Even if only YOURS fails, well…you’re the driver. Also, if you do crash and your seat belt fails, you’re now a projectile in the car and can injure or kill other passengers. I’ve seen this happen too many times as a firefighter and an EMT. Unseatbelted occupants are an enormous hazard.
Suffice to say your company is a vector for major attacks and vulnerabilities that not only will affect you, but your clients and potentially countless others who have nothing to do with your company since your server could be part of a botnet for all you know.
“bUt We HaVe OtHeR sEcUrItY cOnTrOlS aNd PrOpEr PrOtOcOlS fOr…” I’m going to cut you off here and straight up say: No. You don’t. The fact you still have Windows Server 2008 installed and refuse to even update it tells me enough about your entire IT department and policies.
@snixyz
business doesnt spend money on IT. i’d love a new car
Microsoft has not been providing public updates for that platform for years, it needs to be retired. If it’s a VM, take a snapshot and do an in-place upgrade, see what happens. Revert to snapshot if it doesn’t work out.
https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2008-r2
Thaat can’t possibly be secure… or can it?
It’ll depend entirely on whether it’s connected to any kind of externally available network.
Even airgapped, it’s just asking to be hacked.
That’s… not great