The forgotten systems

We all know the moments when new systems are put into use, and all the blood sweat and tears that has gone into it is soon forgotten. Finally the system is running and we can make use of it and it will simplify our work.

Old ServersBut there comes a day when the system is outdated and new ones are about to be taken into use. Then what happens to the old systems?

Depending on the function, you even have to do with legislation that demands that you keep the systems running because data on it, should be kept for more than 5 years du to for example tax legislation. There are usually quite valid reasons for these system to keep them up and running.

But don’t forget these old systems let them participate in the patch and security policies because they are often forgotten and then they are an easy target to gain access and can be a jump server into the rest of your IT systems.

Some advice:

  • On a regular bases PEN (Penatration testing – for example with Qualys) test your systems
  • Isolate these systems so they can still be used but only when necessary
  • Check regularly if these systems are being used
  • Take decommissioning seriously

And perhaps unnecessarily, but we should also apply these advices to test, research and acceptance systems. These are also quite often overlooked when it comes to potential security risks.