Isolating an old server from the network

TcastroTcastro Member Posts: 4 ■■□□□□□□□□
Hi was wondering if anyone had some insights on the best practice regarding isolating and old server from the rest of the network. In this specific case there are 2 2008 windows servers that have services that the company needs running but cannot be updated any more. Our network is segmented with vlans by it self, we have internal network, DMZ etc. 

Thanks in advance.

Comments

  • matt333matt333 Member Posts: 276 ■■■■□□□□□□
    edited September 2023
    hmm you could put a VACL on the network that the old servers is on. you can limit internal/external communication based on IP/port.

    That would probably be the easiest way to isolate these servers if you don't want to just re-IP the servers.
    Studying: Automating Everything, network API's, Python etc.. 
    Certifications: CCNP, CCDP, JNCIP-DC, JNCIS-DevOps, JNCIS-ENT, JNCIS-SP
  • JDMurrayJDMurray Admin Posts: 13,025 Admin
    edited September 2023
    Here's recommendations from GPT-4. I thought #12 was very interesting:

    Isolating old servers, especially those running outdated operating systems like Windows Server 2008, is essential to protect them (and your network) from potential vulnerabilities. Since these servers can no longer be patched, their exposure to the rest of the network should be minimized. Here are some best practices to consider:

    1. Move to a Separate VLAN: Create a dedicated VLAN specifically for these servers. This will logically separate them from the rest of your network, limiting the potential attack surface.

    2. Implement a Firewall: Use a firewall to restrict traffic between this VLAN and others. Only allow necessary protocols and ports to communicate with these servers. Make sure you have robust firewall rules to only permit necessary inbound and outbound traffic.

    3. Remove Internet Access: If these servers don't require internet access, completely disconnect them from it. If internet access is necessary, use a firewall to restrict their access only to required sites/IPs.

    4. Tighten Access Control: Ensure that only specific users have access to these servers. Remove any redundant user accounts and ensure strong password policies are in place.

    5. Limit Service Exposure: Disable any unnecessary services on these servers. If they are providing specific services, ensure only those services are running and accessible.

    6. Network Intrusion Detection: Implement an intrusion detection system (IDS) to monitor for any suspicious activities involving these servers.

    7. Regularly Monitor and Audit: Regularly review logs and set up alerts for any suspicious activity on these servers. 

    8. Use a VPN for Remote Access: If you need remote access to these servers, ensure that it's done through a Virtual Private Network (VPN). This will add an extra layer of security.

    9. Physical Security: Ensure that these servers are in a secure physical location, preventing any unauthorized physical access.

    10. Backup Regularly: Ensure you have a robust backup solution in place. Regularly backup the servers and test the backups to make sure they can be restored.

    11. Application Whitelisting: Implement application whitelisting on the servers. This ensures that only specified applications can run, reducing the risk of malicious software.

    12. Consider Virtualization: If these servers are on physical hardware, consider converting them to virtual machines. This provides an additional layer of abstraction and allows for easier backups, snapshots, and migration, if necessary.

    13. Plan for Replacement: While you're isolating and securing these servers, always plan for their eventual replacement. Investigate solutions that can replicate the functions of these old servers on newer, more secure platforms.

    14. Educate Staff: Ensure that staff members who interact with these servers are aware of the risks and are trained on the importance of security practices.

    Remember, the key is to minimize the attack surface and limit the exposure of these servers to potential threats. The more isolated they are, the less risk they pose to your broader network environment.
  • TcastroTcastro Member Posts: 4 ■■□□□□□□□□
    Thanks a lot everyone, I will discuss this with my team to decide what would be the best approach to this situation!
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    Pretty much isolate at the network level (via firewalls/vlans)

    tighten your IPS rules around, and have a WAF if its running a web application 

    if it supports agent installation for your SIEM, even better. Right specific detection tools for it and keep an eye on it



    Fight with application people every day to force them to find an alternative so you can decomission it ASAP
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

Sign In or Register to comment.