Follow up on Meltdown/Spectre
January 15th, 2018
The DataBank teams have been hard at work this past week testing and addressing the Meltdown and Spectre vulnerabilities. If you missed our previous communication that described the situation and status, please click here for some valuable background information sent on Tuesday, January 9th at 11:48am. This communication is intended to update you on our plans for remediation and mitigation of this set of vulnerabilities.
As of January 15, there are still no known vulnerabilities identified by government or private security experts. There has been talk in some media about a JavaScript-related proof-of-concept (POC) exploit, and some anti-virus vendors have created signatures to detect this item. The media reports have done a good job reporting that this exists, but they have not clearly identified that this POC was developed by the academic teams that identified the vulnerability and has been closely guarded. Security experts do not consider this POC to be a credible threat, and neither do we at this time. Security vendors and government agencies continue to classify the overall situation as a moderate to low-moderate threat. This is because 1) there is no known or available exploit and 2) exploitation would require extensive, localized access to a server or system. At DataBank / Edge Hosting, a DataBank company, our security systems and functions are designed around a multi-layered security approach, which means that an attacker would have to break through multiple barriers to be successful in an attack. This multi-layered security model further mitigates the possibility that Meltdown or Spectre will impact your systems.
This past week (January 5-12), DataBank Network, System, and Security Engineers have been evaluating, testing and implementing patches and countermeasure deployments, and that work continues. We have:
- Updated the Intrusion Prevention System (IPS) digital vaccines to detect the POC exploit and other indicators of an attempted attack.
- Updated anti-virus signatures to detect and thwart potential attackers.
- Determined that firewalls (Cisco ASA and ASAv) used by our managed services customers are not impacted by the vulnerability. If you are a customer that manages your own firewall, you should review your equipment with the supplier/vendor. You can also submit a ticket for assistance in determining your exposure.
- Developed a plan of action for patching underlying virtual machines, routers, switches and other networking devices that are impacted.
- Begun the deployment of patches to some underlying virtual hypervisors.
This hypervisor patching will now allow for the successful patching of operating systems. The coming week will see continued patching of underlying hypervisors. Based upon vendor recommendations and our own testing, some patches must be deployed in sequence in order for later patches to be effective. We have determined that a five-tier approach is necessary to ensure that patches occur in sequence.
Individual communications will be going out to customers when a pending tier will impact them. Communications will come via the ticketing system in the same manner as other patch notifications.
In order to minimize downtime and ensure that the right patches are applied in the sequence specified by the vendor, patching is going to take some time to accomplish. We will continue to update you each week with the best and most accurate information we have. If you have specific questions, please use our ticketing system to submit them. We will address any and all questions you have.