I'm sure you know that April 8 2014, Microsoft will stop supporting Windows XP and stop creating security updates for XP as well. That means that when after April 8, 2014 another security bug is found in Windows XP, (a certainty) that bug cannot be patched anymore, and your PC or laptop that runs XP will be very easy for the bad guys to get into. Microsoft on their website states: “PCs running Windows XP after April 8, 2014, should not be considered to be protected. ”
So now, if you are stuck with XP, here are 10 things you should do to make sure it's not going to be cake-walk for the bad guys to penetrate your network. It's already easy enough. My business partner Kevin Mitnick is always happy to hear that a penetration-test customer has XP running in their network, as that makes his job that much easier. Here are the 10 points:
- Make sure you deploy the very latest XP update so that those machines start out their afterlife as "healthy" as possible.
- Isolate the old XP devices on separate "dirty" networks to make sure the compromised XP boxes do not infect new machines.
- Keep these XP machines behind a hardware firewall like a NAT router.
- Reduce the attack surface and get rid of all unused (third-party) apps, and disable Internet Explorer.
- Install Google Chrome, which supports XP until at least April 2015, Use the VIEW option of Chrome as much as possible.
- Windows XP is especially vulnerable for all kinds of malware attacks so give these XP users effective security awareness training so they do not click on links that will infect their PC.
- If you run MS Office on the box, fully patch it, and keep it patched.
- Install Secunia (free), regularly scan for new versions of the remaining apps you are using and deploy updates.
- Turn on the Windows Firewall, and turn on Microsoft Security Essentials.
- Last but not least, consider deploying whitelisting (aka application control) which locks down the XP box and only allows known-good executables to run.