Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Risks & mitigation of using IE8 on a server that runs an app that requires IE8

Posted on 2016-10-19
14
Medium Priority
?
147 Views
Last Modified: 2016-10-24
We have an app from EMC (the storage vendor) that requires us to use IE8 :
log a case & was told IE10-11 not supported as screen gets garbled.

As this server is internal (ie not accessible via Internet & not in DMZ),
what's the risks?  I suppose an internally infected PC/server can still
exploit & get into this server/app that runs IE8 (as console to the app).

How can we mitigate as IE8 doesn't have patches anymore?  Use endpoint
IPS as substitute for various vulnerabilities but I'm afraid many IPS vendor
has ceased releasing signatures/filters for IE8.

Havent explore with Chrome/Firefox yet if it works with the apps but was
told by colleague that they're unlikely to be supported.

IE8 is to be run/installed on the server hosting the app, not on laptops/PCs

I'll convey the name of the EMC app later
0
Comment
Question by:sunhux
  • 5
  • 3
  • 3
  • +2
14 Comments
 
LVL 57

Expert Comment

by:McKnife
ID: 41850057
Hi.

You cannot install IE8 on modern OS' - technically impossible. The last OS where you could would be server 2008. So you need to try a different browser. Chrome for example offers support for oldschool things in form of an app that simulates legacy browser behavior.
1
 
LVL 88

Assisted Solution

by:rindi
rindi earned 480 total points
ID: 41850155
Have you tried using compatibility View in IE11? That will often allow you to view old stuff. Also check if there is an upgrade for the EMC app that runs on current browsers.
0
 
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 400 total points
ID: 41850307
You also can't run two versions of IE on the same computer.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:sunhux
ID: 41850504
The name of the EMC app is OCAOIS  & it's not an option to upgrade this app.


Can elaborate how we can go about doing the following:

>Chrome for example offers support for oldschool things in form of an app that
> simulates legacy browser behavior : how can I configure it or need a plug-in ?

>compatibility View in IE11?
How to enable  compatibility View in IE11 ?
0
 
LVL 57

Assisted Solution

by:McKnife
McKnife earned 800 total points
ID: 41850516
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 480 total points
ID: 41850539
In IE select tools, Compatibility view settings, then add the url.
0
 
LVL 80

Assisted Solution

by:arnold
arnold earned 320 total points
ID: 41851536
Seems like using a VM with Windows 7, Xp, server 2008 is one way to maintain access while using parental control to limit the access to the EMC OCAOIS portal interface a the sole destination to avoid ......user attempts to use the VM to access anything else.
0
 

Author Comment

by:sunhux
ID: 41852477
Our apps support team has tested out both IE11's Tools==> Compatibility View
settings as well as Chrome's oldschool support : did not help.

Was told this product OCAOIS is to capture clients' signature & sort of secure it:
The browser on the server is meant to access Management console of this
product.

Was further informed by our apps team that this current version 6 is the one
giving issue: previously while they're on version 3 running on Win2003, IE8
was working fine.

After upgrading the OS to Win2008 R2 followed by upgrading this app to
ver 6, found IE11 gives issues :display garbled & when clicking on certain
links, error pops up.

EMC (possibly this is an RSA related product;  RSA is owned by EMC) has
come up with ver 7 but we need to pay for licence upgrade: it's not
certain if ver 7 will support IE11
0
 
LVL 57

Accepted Solution

by:
McKnife earned 800 total points
ID: 41852491
Ok, 2008r2. You can uninstall ie11 and it should roll back to the previous browser, which should be ie8 on 08R2.
0
 
LVL 80

Expert Comment

by:arnold
ID: 41852777
depending on installed updates, ie9, ie10 might have been installed as well.

look at xpmode, or similar vm .....
0
 
LVL 57

Expert Comment

by:McKnife
ID: 41852803
If I am not mistaken, even then will it let you rollback through the versions back to the one that shipped with 2008R2: IE8.
0
 
LVL 80

Expert Comment

by:arnold
ID: 41853036
rollbacks at times work, the issue besides the version, there have been updates along the way in addition to the deployment of versions.......

Without trying, ..it is filled with peril.
0
 

Author Comment

by:sunhux
ID: 41853272
So create a VM that run IE8 in it to make it more secure?
0
 
LVL 57

Expert Comment

by:McKnife
ID: 41853306
Always possible, why not.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question