If you’ve been following our Windows XP series on PCI Compliance Guide, you now know why running XP after April 8, 2014 will put your business at risk, and how much planning needs to take place now (even if you’re reading this after April 8).
The first step to removing XP from your IT infrastructure is to find out exactly where it resides. Therefore, you must review the operating systems and versions on all of your computers and POS equipment.
Is Windows XP Hiding in Your Network?
Managing assets within your IT environment is a critical best practice that you should be following on an ongoing basis. This includes tracking attributes of those assets (such as the operating system each one is running) and ensuring they are patched on a timely basis. Given the fast pace of change that many businesses experience, along with the varied demands on their IT resources, it is easy to see how some systems may slip through the cracks.
Performing an internal vulnerability scan is a quick and easy way to discover XP within your IT infrastructure. The scan can be performed efficiently and without complex installation and configuration of hardware and software. For example, ControlScan’s scanning process is conducted through a cloud-based application that is provided with a tunnel into the internal network. From there, an initial discovery scan is performed to identify all IP-addressable systems in the environment. Next, each system is scanned in turn to identify relevant attributes, services and processes.
The report generated from the internal scanning process lists each IP address discovered as well as the operating system and version. This gives you a clear view of where XP resides on your network.
In addition, internal scanning identifies weaknesses in the network behind your firewall and helps your organization comply with PCI DSS requirement 11.2.
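Triage of a per-host scan report like the one described above, as an added example that is not ControlScan's tooling or report format. It assumes the results were exported in Nmap's XML output format (the page does not name a format), and the sample hosts are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format (as written by `nmap -O -oX`).
# Addresses and OS matches are made up for illustration; this is not real scan data.
SAMPLE_REPORT = """<nmaprun>
  <host><status state="up"/><address addr="10.0.5.11" addrtype="ipv4"/>
    <os><osmatch name="Microsoft Windows XP SP3" accuracy="98">
      <osclass vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="98"/></osmatch></os></host>
  <host><status state="up"/><address addr="10.0.5.20" addrtype="ipv4"/>
    <os><osmatch name="Microsoft Windows 7 SP1" accuracy="100">
      <osclass vendor="Microsoft" osfamily="Windows" osgen="7" accuracy="100"/></osmatch></os></host>
  <host><status state="up"/><address addr="10.0.5.30" addrtype="ipv4"/>
    <os><osmatch name="Microsoft Windows XP SP2" accuracy="85">
      <osclass vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="85"/></osmatch></os></host>
  <host><status state="up"/><address addr="10.0.5.77" addrtype="ipv4"/><os/></host>
</nmaprun>"""

def classify_hosts(report_xml):
    """Return {"xp": [(ip, os_name, accuracy)], "unidentified": [ip]}."""
    result = {"xp": [], "unidentified": []}
    for host in ET.fromstring(report_xml).iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue  # skip addresses that did not answer the discovery scan
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "unknown-address"
        matches = host.findall("os/osmatch")
        if not matches:
            # No fingerprint: this host still needs a manual check, because
            # an unidentified system is exactly where XP can stay hidden.
            result["unidentified"].append(ip)
            continue
        best = max(matches, key=lambda m: int(m.get("accuracy", "0")))
        generations = {c.get("osgen") for c in best.findall("osclass")}
        if "Windows XP" in best.get("name", "") or "XP" in generations:
            result["xp"].append((ip, best.get("name"), int(best.get("accuracy", "0"))))
    return result

if __name__ == "__main__":
    findings = classify_hosts(SAMPLE_REPORT)
    for ip, name, accuracy in findings["xp"]:
        print(f"XP candidate: {ip}  {name}  (match accuracy {accuracy}%)")
    for ip in findings["unidentified"]:
        print(f"OS not identified, verify by hand: {ip}")
```

Low-accuracy matches and unidentified hosts should be confirmed on the machine itself before the inventory is treated as complete.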