On January 3, 2018, the US Computer Emergency Readiness Team (US-CERT) published Vulnerability Note 584653, which described specific side-channel attack vulnerabilities. The note stated that most CPU hardware (specifically the processor chips in the systems) is vulnerable to side-channel attacks: “An attacker able to execute code with user privileges can achieve various impacts, such as reading otherwise protected kernel memory”. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information. Because the vulnerability exists in CPU architecture rather than in software, patching may not fully address these vulnerabilities in all cases.
Why is this threat important to you?
- It is pervasive. The vulnerability can be found in most physical computer hardware, including your LAN and cloud-based systems.
- It can bypass security that segments processes and users. On any device with more than one user, information belonging to one user can be taken by another.
- It may require coordination of both OS patching and firmware upgrades from the hardware manufacturer. Coordination of this effort can be costly and will require significant testing before deployment.
- The solution is likely to result in slower computers. The tradeoff between security and performance is unknown and may depend upon your specific environment.
Certain SecurNOC services (help desk, monitoring and management services) may be slowed as we adopt patches and firmware changes in our environment as needed. The complexities of patching will increase during the time that we evaluate patches offered by vendors and firmware upgrade requirements to mitigate the exploit. We will work to minimize disruptions and performance issues.
For clients who use our patching services, there may be requirements to upgrade firmware to ensure the effectiveness of the patches offered. Since firmware can vary significantly, we may need to consult with you to identify firmware, determine testing scenarios and implement the firmware changes in concert with patching. This may involve additional fees due to this additional complexity.
Our SecurSuite services may be affected by performance issues as our infrastructure and the devices deployed to your site are managed. We will work to minimize disruptions and performance issues.
Our intrusion detection and intrusion prevention devices (SecurShield) that are deployed at your site(s) are protected by network design to ensure that only our engineers can access them. We will maintain security on the devices and patch as needed. In some cases, performance may be affected.
Firewall management may require software and firmware updates to your device, which may affect performance.
Log monitoring (SecurLog), web content filtering and vulnerability scanning should not be noticeably impacted.
We are working with the application vendor to ensure safe and reliable services through the transition of cloud-based telephonic services.
Audit and Compliance
No significant impact.
No significant impact.
We are working with the application vendors to ensure safe and reliable services.
What we are doing
We are working to ensure safe and effective delivery of services.
- Reaching out to key application vendors to determine their responses.
- Monitoring OS vendor and Intel responses to the issues, including patches and firmware upgrades, in preparation for testing and deployment in our environment.
- Preparing to implement software patches and hardware upgrades as needed.
- Preparing to support customers in patching and upgrading firmware as needed.
What you can do
- We recommend that you contact your cloud service providers and find out what they are doing to respond to the threat. Cloud environments (especially public clouds) are most vulnerable because of shared physical resources with the public. Keep it in-house. :)
- We recommend that you work with your virtualization provider(s), including DataComm, to update the OS and firmware as needed using a testing plan that ensures that your existing infrastructure will be safely migrated. Virtualization environments are less vulnerable than clouds (because they are generally a part of “your” infrastructure), but they still share physical resources, which means that security can be compromised by LAN users.
- We recommend that you work with your patching vendor(s), including DataComm, to ensure that the response is effectively designed to test and deploy the requisite software and firmware.