Solved

Risks & mitigation of using IE8 on a server that runs an app that requires IE8

Posted on 2016-10-19
14
114 Views
Last Modified: 2016-10-24
We have an app from EMC (the storage vendor) that requires us to use IE8 :
log a case & was told IE10-11 not supported as screen gets garbled.

As this server is internal (ie not accessible via Internet & not in DMZ),
what's the risks?  I suppose an internally infected PC/server can still
exploit & get into this server/app that runs IE8 (as console to the app).

How can we mitigate as IE8 doesn't have patches anymore?  Use endpoint
IPS as substitute for various vulnerabilities but I'm afraid many IPS vendor
has ceased releasing signatures/filters for IE8.

Havent explore with Chrome/Firefox yet if it works with the apps but was
told by colleague that they're unlikely to be supported.

IE8 is to be run/installed on the server hosting the app, not on laptops/PCs

I'll convey the name of the EMC app later
0
Comment
Question by:sunhux
  • 5
  • 3
  • 3
  • +2
14 Comments
 
LVL 54

Expert Comment

by:McKnife
ID: 41850057
Hi.

You cannot install IE8 on modern OS' - technically impossible. The last OS where you could would be server 2008. So you need to try a different browser. Chrome for example offers support for oldschool things in form of an app that simulates legacy browser behavior.
1
 
LVL 88

Assisted Solution

by:rindi
rindi earned 120 total points
ID: 41850155
Have you tried using compatibility View in IE11? That will often allow you to view old stuff. Also check if there is an upgrade for the EMC app that runs on current browsers.
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 100 total points
ID: 41850307
You also can't run two versions of IE on the same computer.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:sunhux
ID: 41850504
The name of the EMC app is OCAOIS  & it's not an option to upgrade this app.


Can elaborate how we can go about doing the following:

>Chrome for example offers support for oldschool things in form of an app that
> simulates legacy browser behavior : how can I configure it or need a plug-in ?

>compatibility View in IE11?
How to enable  compatibility View in IE11 ?
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 200 total points
ID: 41850516
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 120 total points
ID: 41850539
In IE select tools, Compatibility view settings, then add the url.
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 80 total points
ID: 41851536
Seems like using a VM with Windows 7, Xp, server 2008 is one way to maintain access while using parental control to limit the access to the EMC OCAOIS portal interface a the sole destination to avoid ......user attempts to use the VM to access anything else.
0
 

Author Comment

by:sunhux
ID: 41852477
Our apps support team has tested out both IE11's Tools==> Compatibility View
settings as well as Chrome's oldschool support : did not help.

Was told this product OCAOIS is to capture clients' signature & sort of secure it:
The browser on the server is meant to access Management console of this
product.

Was further informed by our apps team that this current version 6 is the one
giving issue: previously while they're on version 3 running on Win2003, IE8
was working fine.

After upgrading the OS to Win2008 R2 followed by upgrading this app to
ver 6, found IE11 gives issues :display garbled & when clicking on certain
links, error pops up.

EMC (possibly this is an RSA related product;  RSA is owned by EMC) has
come up with ver 7 but we need to pay for licence upgrade: it's not
certain if ver 7 will support IE11
0
 
LVL 54

Accepted Solution

by:
McKnife earned 200 total points
ID: 41852491
Ok, 2008r2. You can uninstall ie11 and it should roll back to the previous browser, which should be ie8 on 08R2.
0
 
LVL 77

Expert Comment

by:arnold
ID: 41852777
depending on installed updates, ie9, ie10 might have been installed as well.

look at xpmode, or similar vm .....
0
 
LVL 54

Expert Comment

by:McKnife
ID: 41852803
If I am not mistaken, even then will it let you rollback through the versions back to the one that shipped with 2008R2: IE8.
0
 
LVL 77

Expert Comment

by:arnold
ID: 41853036
rollbacks at times work, the issue besides the version, there have been updates along the way in addition to the deployment of versions.......

Without trying, ..it is filled with peril.
0
 

Author Comment

by:sunhux
ID: 41853272
So create a VM that run IE8 in it to make it more secure?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 41853306
Always possible, why not.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise Password Manager Suites as well as Local Password managers are covered in this article.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now