Windows 7 will reach End-of-Life on Jan 14th, 2020. Although Windows 7 is a decade old, it is still very prevalent, with Windows 7 PCs lurking on networks all around the world. From the referenced article, below is one estimate of just how big a presence there still is:
Recent reports from Netmarketshare suggest that Windows 7 is still being used on 39% of all PCs
This presents multiple challenges to system and security administrators. To name just a few:
- How do I find out if any Windows 7 systems are on my network now?
- How do I communicate with users about their options and mitigate risk?
- How can I be notified anytime a Windows 7 system connects to my network?
Genian NAC has the ability to address these concerns using a combination of features which provide Visibility and Control of all active devices on the network with little to no network integration required.
Visibility with Device Platform Intelligence (DPI)
With Genians DPI, administrators can detect all active nodes on the network and categorize them by Platform with no network disruption or downtime. As seen in these images from the genians.com website, DPI contains Platform types for all different versions of Windows 7 and even proactively identified that Windows 7 was approaching End-of-Life/Support. Knowing that Windows 7 devices are present is only half the battle. They still need to be grouped together and actions applied.
Node Grouping and Enforcement Policies
With Genian NAC you can easily group these devices together, define a captive portal message to be displayed and even optionally restrict access. One such plan could be to display the informational message to Windows 7 users between now and Jan 2020 and then restrict access from that point forward, protecting the internal network from devices which can no longer receive security updates. This approach achieves the following goals:
- Educates end users about the issue/risk
- Provides information on a path forward (upgrade to Windows 10 for example)
- Mitigates risk if users do not upgrade before the deadline
The Enforcement Policy shown in the image is an example of how easily this policy can be configured in Genian NAC. In just a few minutes, this policy can be configured and enabled. The initial permissions grant full access, and they can easily be modified to Internet-only access or no access starting in Jan 2020.
Reporting and Notifications
Now that Windows 7 devices are being identified and users are being notified, the final piece is reporting and notifications. With the Enforcement Policy now in place, a log filter can easily be created so that any Windows 7 node connecting to the network results in a log entry and an email notification to administrators with the IP, MAC and location of the device.
In conclusion, the time to identify your Windows 7 exposure and risk is now. Being able to enact a quick and easy solution will save precious hours for administrators, secure the network and, most importantly, solve the problem before their manager asks about it. Visit https://www.genians.com/trial-buy/ today and find out how many Windows 7 devices are on your network.
Brett is a Cisco CCNP and has over 25 years of experience in networking. During the last 15 years he has specialized as an SME in designing and deploying Network Access Control solutions. Prior to focusing on NAC, Brett served as a Cryptologic Technician in the U.S. Navy and provided network consulting services such as Enterprise-scale WAN projects for financial institutions and data center BGP connectivity to Service Providers.