[End of support] What will happen if I leave CentOS 7 as is?

2024.01.05

table of contents

1 Increasing security risks and information security governance
- 1.1 Possible security risks
2 How to eliminate security risks
- 2.1 Checking system configuration and usage status
- 2.2 Consideration of migration schedule, method, and budget
3 [First aid] How to extend life while maintaining security
4 summary

This is Ohara from the technical sales department.

Community support for CentOS 7 will end (EOL) on June 30, 2024, which is a major issue for many users

Of course, even after support for CentOS 7 ends, you will still be able to continue using your server environment with CentOS 7 installed, but this will come with various security risks, such as the fact that the latest security patches and updates will no longer be available from the community

In this article, we will introduce the security risks and ways to temporarily maintain security

*Information as of January 2024

Increasing security risks and information security governance

Going forward, patches and security updates for CentOS vulnerabilities will no longer be provided by the community, making it more susceptible to cyber attacks that exploit vulnerabilities, increasing security risks

Lack of OS updates and maintenance reduces system stability, increases the risk of unexpected failures, and makes it more difficult to deal with them

Additionally, some companies may have information security governance requirements that require them to implement security enhancements for specific systems

Possible security risks

○ Attacks using unknown vulnerabilities (zero-day)
○ Attacks using known vulnerabilities
○ Malware or ransomware infections
○ Service outages or system failures
○ Loss of trust from customers and business partners

How to eliminate security risks

The only way to reliably avoid the security risks associated with the end of support for CentOS 7 is to "migrate to another alternative or successor Linux distribution" such as AlmaLinux or Red Hat Enterprise Linux (RHEL) .

Migrating from CentOS 7 to another Linux distribution requires knowledge, technical skill, and difficulty, but future security patches will continue to be provided and comprehensive support is also available

However, when migrating from CentOS 7 to another Linux distribution, you should be aware of the following points:

Checking system configuration and usage status

First, check the configuration and usage status of the system to be migrated. By checking the following points mainly and understanding the system configuration and usage status, you can understand the work required for migration and the risks involved

○ The versions of the software and middleware modules used
○ Application configurations and customizations
○ Dependencies with each system

Consideration of migration schedule, method, and budget

The migration schedule, method, and budget will vary depending on the system configuration and usage status

- Plan your migration schedule early.
Migration work requires a certain schedule, and it is extremely difficult to respond immediately. By planning a schedule early and with ample time, you can carry out the migration work without any strain.

the migration
process, such as system outages and data migration. Even if you have carefully investigated system dependencies, there is still the possibility of "not knowing what will happen during the actual migration process" or "unforeseen system problems."

Plan your migration budget
. Migration work requires a fair amount of effort and cost. If it is difficult to perform the migration in-house, consider consulting an external IT vendor. Outsourcing the migration work to an external IT vendor will allow the migration to proceed safely and efficiently.

[First aid] How to extend life while maintaining security

As mentioned above, the best solution would be to "migrate to another alternative or successor Linux distribution," but there may be cases where a company or organization is unable to do this quickly due to its circumstances

For example, when migrating to a different Linux distribution, various cases can arise, such as malfunctions due to dependencies on middleware versions such as Apache, MySQL, or PHP, or when code modifications are required for customized application software, but there is no longer a person or IT vendor who can perform the code modifications

Here, we will list some temporary workarounds to maintain security while CentOS 7 is no longer supported

*However, although these methods can reduce security risks to some extent, we would appreciate it if you would consider them to be only temporary, stopgap measures

Implementing IPS/IDS security services

By introducing IPS/IDS into a server environment, you can expect to be able to notify, block, or isolate unauthorized access or behavior within the server

Trend Micro Cloud One (C1WS) , an IPS/IDS service offered by Beyond, has a function called "virtual patching," which helps protect against security vulnerabilities. It also automatically applies signatures, allowing for optimal protection with minimal operational load.

Introducing WAF security services

WAF (Web Application Firewall) is a security service that protects the protocols used for internet connections, http (port 80) / https (port 443), and is primarily defined to protect websites and applications

Beyond also offers a cloud-based WAF service called " Scutum ," which can protect websites and applications that generate dynamic pages in response to requests from a variety of attacks, including SQL injection and cross-site scripting.

Engage an MSP's professional services

This is a method of outsourcing server and infrastructure operations to an MSP (Managed Service Provider)

MSPs provide professional system construction, operation, maintenance, and monitoring for companies and organizations' IT infrastructure (servers, networks, databases, etc.) and applications, as well as ongoing technical support such as system updates, security management, data backups, and recovery responses in the event of system failure

Please note that MSP vendors have different support systems, scopes, areas of expertise, and fee structures, so we recommend selecting a vendor that best suits your company

summary

Above, we have introduced the security risks of leaving CentOS 7 as is and how to temporarily maintain security

Whether migrating your server environment to a new Linux distribution or maintaining and extending the lifespan of your server environment, specialized knowledge, skills, and experience are required. If you find it difficult to handle the process in-house, consider consulting with an IT vendor or other specialist

▼Beyond's "Server Migration Solution" is here▼

● Cloud / Server Migration
● CentOS Server Migration Solution
● AlmaLinux OS Server Construction and Migration Service

If you found this article helpful , please give it a like!

The person who wrote this article

About the author

ohara

I started my career in the telecommunications industry as a salesperson in charge of introducing IT products such as NW services, OA equipment, and groupware for corporations.

After that, he worked as a pre-sales engineer for physical servers/hosting services and as a customer engineer for SaaS-type SFA/CRM/BtoB e-commerce at an SIer-based data center business company, before joining his current company, Beyond.

Currently, I am stationed in China (Shenzhen) and watch Chinese dramas and billbilville.

Qualification: Second class bookkeeping

My impressions as an Indian working at a Japanese company (Beyond Inc.) [2024 Update] For those residing in China - Obtaining a work visa / Z visa (Shenzhen)