Endpoint Security, End of Support Operating Systems, Guidance for Continued Operations

Operating systems (OS) that have reached end of support (EOS) no longer receive security updates from the vendor. These systems present significant risks to institutional data and network integrity. However, certain business needs may require a system running an EOS operating system to remain in production.

Options for EOS Systems

Upgrade or Replace

In most cases, the best option for handling an EOS system is to replace it. Depending on the software on the system, this may come with its own challenges. This is generally the preferred option, even if the migration may take time to implement.

Whenever an EOS system needs to remain in production, an exception must be filed. Please refer to the following form for more information on the requirements to file an exception: https://go.illinois.edu/osexception.

Please note that an exception is not an approval from security to run an unsupported operating system; rather, it is an administrative process documenting a unit head’s acceptance of the risk of continuing to use an unsupported OS.

Where upgrading or replacing a system is not feasible, compensating controls must be implemented to mitigate risk. Below are some potential controls that can be applied to the system. The system should also remain in compliance with the rest of the IT04 (server) or IT10 (workstation) security standards.

Purchase Extended Support

Some vendors may offer to extend their support for an otherwise EOS system through the purchase of an additional license. When the license is activated, the system will be able to download and install updates for the duration specified in the license.

Extended support licenses for some operating systems, such as Windows, may be available on the WebStore. For others, contact your vendor.

Note that some software may stop receiving updates on a system with extended support. Pay close attention to the supported operating systems for any software you use.

System Hardening

As a temporary measure, the EOS system can have additional protections put in place to reduce its exposure and likelihood of compromise. There should be a plan in place to move to one of the options below or to upgrade or replace the system. 

Some ways to harden a system: 

  • Disable unnecessary services
  • Restrict incoming and outgoing connections
  • Remove unused software
  • Apply the latest available updates for OS and installed software
  • Use application allowlisting
  • Implement file integrity monitoring software
  • Log all access sessions
  • Require multi-factor authentication

Regardless of hardening methods used, the following should always be in place for an EOS system: 

Jump Host

For systems where a longer-term solution is needed, access to the EOS system can be restricted through a jump host (a secure intermediary system) that implements system hardening techniques outlined above. From the jump host, a user uses SSH, RDP, or a secure remote connection protocol to connect to the EOS system.

Network access to the EOS system should be restricted to only the jump host to reduce the exposure to external threats. Isolate the EOS system on a secured VLAN inaccessible from the rest of the university network. Technology Services Networking can provide guidance on setting up the network.

In addition, physical access to the system should be restricted to those with a need to access the system. 
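
An added example, not part of the original guidance: one way to check from connection records that the EOS system is reached only through the jump host. The addresses, ports, record format, and the rule that the EOS system initiates no connections are assumptions for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed addressing and ports for illustration; substitute your own.
EOS_VLAN = ip_network("10.20.30.0/28")     # isolated VLAN holding the EOS system
JUMP_HOSTS = {ip_address("10.20.40.5")}    # hardened jump host
MGMT_PORTS = {22, 3389}                    # SSH and RDP

# Constructed connection records: time, initiator, responder, responder port.
SAMPLE_FLOWS = """\
2025-05-09T08:00:01Z,10.20.40.5,10.20.30.4,3389
2025-05-09T08:05:12Z,10.20.40.5,10.20.30.4,445
2025-05-09T08:07:45Z,10.50.1.77,10.20.30.4,3389
2025-05-09T08:09:30Z,10.20.30.4,203.0.113.10,443
2025-05-09T08:10:02Z,10.20.30.4,10.20.30.6,22
2025-05-09T08:11:00Z,10.50.1.77,10.20.40.5,22
"""

def classify(src, dst, dport):
    """Return a violation label for one connection, or None if allowed."""
    if src in EOS_VLAN:
        return "eos-initiated"             # assumed policy: EOS host never dials out
    if dst not in EOS_VLAN:
        return None                        # does not touch the EOS VLAN
    if src not in JUMP_HOSTS:
        return "bypasses-jump-host"
    if dport not in MGMT_PORTS:
        return "unexpected-port"
    return None

def audit(flow_text):
    """Parse CSV connection records and return (time, src, dst, port, label) findings."""
    findings = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 4:
            continue                       # skip blank or malformed lines
        when, src, dst, dport = (field.strip() for field in row)
        label = classify(ip_address(src), ip_address(dst), int(dport))
        if label:
            findings.append((when, src, dst, int(dport), label))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

Any finding means the VLAN or firewall rules allow more than the jump host path and should be reviewed.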

Air Gapping

For systems where additional protection may be prudent—such as a system with High Risk data—the system should be restricted to physical access only. Isolate the device from all networks, wired or wireless. Removable storage media should not be used unless examined and deemed necessary. This minimizes exposure to external threats. 

Please reach out to IPC at securitysupport@illinois.edu for additional guidance on EOS systems, or to schedule a consultation regarding an EOS operating system that must remain in production. 

In an Emergency

EOS systems are more prone to compromise than systems that are receiving regular updates. If you suspect a system you maintain has been compromised, please contact the Cybersecurity Operations Center (see: Cybersecurity, Emergency Incident, Contacting Security).



Keywords: eos os windows mac linux eol life harden hardening unsupported jump host air gap
Doc ID: 150328
Owned by: Security G. in University of Illinois Technology Services
Created: 2025-05-06
Updated: 2025-05-09
Sites: University of Illinois Technology Services