Just because it’s inside the perimeter network doesn’t mean that it is safe

Some in management have absorbed enough information about security that they are dangerous. For example the belief that putting Server 2003 behind the firewall means that it’s no longer vulnerable to remote exploits.

The reality is that even hosts behind a firewall are still vulnerable. They might be vulnerable because the attack against them is coming from someone on the inside of the perimeter network, or because a computer that is on the inside of the perimeter network has been compromised through a different attack vector and is being used as a stepping stone to attack other computers on the network.

The Ponemon http://www.ponemon.org/ institute found that roughly 30% of attacks came from insiders. While putting a firewall between a server and the internet will provide some protection from attacks from the internet, it won’t be all that helpful in terms of providing protection if the attack is coming from the internal network.

While you could set up a special isolated network on your internal network that would only host servers running Server 2003, it’s probably cheaper to upgrade the servers to Server 2008 R2 or Server 2012 R2.