End of life (EOL) for software means the software has reached the end of its predefined support period and is being retired. After that date it receives no further feature enhancements, maintenance, or security updates. You can keep running the software past its end-of-life date, but every vulnerability disclosed after that date stays unpatched and puts your business at risk: attackers who exploit it can steal your data and sell it on darknet markets. At the same time, migrating from an EOL operating system to a newer release is a substantial workload for administrators, which is why the decision is so often postponed.
- Ignoring End-of-Life Notices Could Lead to Breaches
- Risk of Leaving EOL Operating Systems Installed
- Strategies to Manage EOL Applications
- CentOS 6 End-of-Life
Ignoring End-of-Life Notices Could Lead to Breaches
Updating a server to the next-generation operating system is a hassle, which is why many administrators delay it. Just because the current version runs smoothly does not mean the next one will: currently installed software might not work with the newer release, and the accompanying configuration changes can cause outages.
The biggest threat from running an EOL operating system is the vulnerabilities found after the expiration date, which will never be patched. For example, Linux kernel 2.6.32 has long been retired, yet dozens of vulnerabilities affecting it were still being discovered as recently as 2019. Any Linux server still running that kernel remains exposed to them, including denial-of-service attacks.
Servers aren't the only targets. Embedded Linux runs in many of the world's Wi-Fi routers and IoT devices, and research has found that many popular home routers and IoT devices still run the Linux 2.6 kernel, which reached EOL in 2016.
Breaching servers can mean a large payday for attackers, and because servers are reachable at any time, a strategic attacker will scan hundreds of them to identify the operating system version, essentially fingerprinting your architecture. Once a vulnerable operating system is found, that knowledge lets the attacker choose exploits that target it specifically. Most server software can be configured not to advertise its version in banners and headers, which is worth doing, but hiding a version string is not a workaround for leaving unpatched software on the server: the vulnerability is still there, and scanners can often infer the version from behaviour rather than from banners.
Risks of Leaving EOL Operating Systems Installed
Although data breaches and compromise are the most damaging outcomes for an organization, leaving out-of-date operating systems in place carries several other risks. Some are more severe than others, but even low-risk issues can mean major staff overhead. Here are just a few:
- Security vulnerabilities: Once an operating system is EOL, no more security patches are released for it. Every public vulnerability announcement then makes your server an open target: administrators cannot patch what the vendor no longer fixes, and attackers will eventually discover which servers are vulnerable.
- Incompatible software: When an operating system is no longer supported, developers of third-party applications stop ensuring that their code works on it. Patches for those applications may cause issues, or the software may simply stop working on the EOL operating system.
- Compliance violations: Regulatory standards for financial and healthcare information require specific cybersecurity procedures to protect customer data. Out-of-date software can lead to hefty fines and follow-on lawsuits that drag on for years after a breach. For example, a $40 million lawsuit over the 2013 Target data breach was not settled until 2016.
- High costs: Most operating system vendors offer extended support after EOL, but at a cost. They charge a premium per device, which gets expensive for a large organization.
- Poor performance: Older software often runs on older hardware, so bottlenecks can stem from aging infrastructure on the network.
- Reliability: Because unsupported software no longer receives bug fixes, crashes go unpatched as well. If a component fails badly enough, the server may no longer boot, which affects SLAs and uptime.
Strategies to Manage EOL Applications
Delays in patching and upgrades aren't always intentional. If inventory procedures are loosely defined and often overlooked, administrators lose visibility of their infrastructure and may not even know that EOL operating systems are installed on their servers. Here are a few strategies for handling servers with EOL software.
- Inventory management: If you don't already have an inventory strategy, it's time to get one. Hardware, too, can reach the point where it should be retired. An inventory that records the operating system release on every host lets you identify which infrastructure and software should be upgraded and which should be retired.
- Upgrading: Mission-critical infrastructure must be upgraded, but a new operating system must be tested first. A staging environment that mirrors production helps surface unforeseen issues before the migration.
- Pay for vendor extended support: Some software vendors offer extended support at a price, usually per device, and it can be expensive. For instance, Windows 7's EOL was January 2020, and extended support costs $25 per device for the first year, rising to $100 per device by the third year. CentOS 6 reaches EOL on November 30, 2020; an extended support period was announced, but it covers technical support only, not security patches.
- Retire it: If a server is not going to be upgraded, it may be time to retire it. An alternative is to move the workload off the retired equipment into the cloud and onto a virtualized environment.
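As a worked illustration of the inventory step above, and of the CentOS 6 deadline discussed in this post, here is an added Python example; it is not code from CloudLinux or the CentOS project. It takes the release string each host reports (for instance the contents of /etc/centos-release), maps product and major version to a hand-maintained table of EOL dates, and flags hosts that are past EOL or within a warning window of it. The hostnames, the sample inventory, and the 90-day window are constructed for the example; the CentOS 6 and Windows 7 dates are the ones cited in this post, and the CentOS 7 date (June 30, 2024) is the project's published one. Anything not in the table is reported as unknown rather than supported, so gaps in the table surface as work to do instead of silently passing.

```python
"""Flag hosts whose operating system is past or near end-of-life.

Added example (not CloudLinux's or the CentOS project's code). It takes the
release string each host reports, e.g. the contents of /etc/centos-release,
and compares the detected product and major version against a
hand-maintained table of vendor EOL dates.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date, timedelta

# Vendor EOL dates. CentOS 6 (2020-11-30) and Windows 7 (January 2020) are
# the dates cited in the article; CentOS 7's is the project's published date.
# Anything missing here is reported as "unknown", never as "supported".
EOL_DATES: dict[tuple[str, str], date] = {
    ("centos", "6"): date(2020, 11, 30),
    ("centos", "7"): date(2024, 6, 30),
    ("windows", "7"): date(2020, 1, 14),
}

# Constructed sample inventory (hostname -> release string). Real data would
# come from your CMDB or from `cat /etc/centos-release` run over SSH.
SAMPLE_INVENTORY = {
    "web01": "CentOS release 6.10 (Final)",
    "web02": "CentOS Linux release 7.9.2009 (Core)",
    "db01": "CentOS Linux release 8.2.2004 (Core)",
    "legacy-ad": "Microsoft Windows 7 Enterprise",
    "appliance": "BusyBox v1.22.1",
}

# Product name followed (lazily) by the first run of digits: the major version.
_RELEASE_RE = re.compile(r"(?P<product>CentOS|Windows)\D*?(?P<major>\d+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    host: str
    product: str | None
    major: str | None
    eol: date | None
    status: str  # "eol", "eol-soon", "supported" or "unknown"


def parse_release(text: str) -> tuple[str, str] | None:
    """Return (product, major) from a release string, or None if unrecognised."""
    m = _RELEASE_RE.search(text)
    if m is None:
        return None
    return m.group("product").lower(), m.group("major")


def classify(host: str, release: str, today: date, warn_days: int = 90) -> Finding:
    """Classify one host. Unrecognised products or versions are flagged for review."""
    parsed = parse_release(release)
    if parsed is None:
        return Finding(host, None, None, None, "unknown")
    product, major = parsed
    eol = EOL_DATES.get((product, major))
    if eol is None:
        status = "unknown"
    elif today >= eol:
        status = "eol"
    elif today + timedelta(days=warn_days) >= eol:
        status = "eol-soon"
    else:
        status = "supported"
    return Finding(host, product, major, eol, status)


def audit(inventory: dict[str, str], today: date, warn_days: int = 90) -> list[Finding]:
    """Classify every host in the inventory, sorted by hostname."""
    return [classify(h, r, today, warn_days) for h, r in sorted(inventory.items())]


def statuses(inventory: dict[str, str], today_iso: str, warn_days: int = 90) -> dict[str, str]:
    """Convenience wrapper: hostname -> status, with the date given as YYYY-MM-DD."""
    return {f.host: f.status for f in audit(inventory, date.fromisoformat(today_iso), warn_days)}


if __name__ == "__main__":
    # Run the constructed inventory against 1 October 2020, two months before
    # the CentOS 6 EOL date: web01 is "eol-soon", legacy-ad is already "eol".
    for f in audit(SAMPLE_INVENTORY, date(2020, 10, 1)):
        eol = f.eol.isoformat() if f.eol else "n/a"
        print(f"{f.host:10} {f.status:9} {f.product or '?'} {f.major or '?'} EOL {eol}")
```

Two design choices matter here. The warning window turns the audit into a scheduling tool rather than a post-mortem: a host that shows up as "eol-soon" is one you still have time to stage and migrate. And because the table is hand-maintained, an empty lookup is treated as "unknown", which keeps a missing row from being mistaken for a supported system.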
CentOS 6 End-of-Life
CentOS 6 reaches EOL on November 30, 2020, after which no further security patches will be released for it. If you haven't already prepared for an upgrade, you need an alternative strategy that lets you delay upgrading while still keeping your servers secure. Although the CentOS developers offer an extended support period, it covers technical support only and not security patches, which does not help with critical server security.
CloudLinux offers a CentOS 6 extended support service that gives our CentOS 6 customers time to migrate to a newer version while still receiving critical patches and bug fixes. If you're a current CloudLinux customer, there is nothing you need to do: we will automatically subscribe you to extended support on December 1, 2020, giving you three more years to upgrade to CentOS 7 or 8. Eventually you will have to upgrade, but with CloudLinux you can defer it for another three years while keeping your servers stable and reliable.