Follow up on Meltdown/Spectre
January 15th, 2018
The DataBank teams have been hard at work this past week testing and addressing the Meltdown and Spectre vulnerabilities. If you missed our previous communication that described the situation and status, please click here for some valuable background information sent on Tuesday, January 9th at 11:48am. This communication is intended to update you on our plans for remediation and mitigation of this set of vulnerabilities.
As of January 15, there are still no known vulnerabilities identified by government or private security experts. There has been talk in some media about a JavaScript-related proof-of-concept (POC) exploit, and some anti-virus vendors have created signatures to detect it. The media reports have done a good job of reporting that this POC exists, but they have not made clear that it was developed by the academic teams that identified the vulnerability and has been closely guarded. Security experts do not consider this POC to be a credible threat, and neither do we at this time. Security vendors and government agencies continue to classify the overall situation as a moderate to low-moderate threat. This is because 1) there is no known or available exploit and 2) exploitation would require extensive, localized access to a server or system.
At DataBank / Edge Hosting, a DataBank company, our security systems and functions are designed around a multi-layered security approach, which means that an attacker would have to break through multiple barriers to succeed. This multi-layered security model further mitigates the possibility that Meltdown or Spectre will impact your systems.
This past week (January 5-12), DataBank Network, System, and Security Engineers have been evaluating, testing and implementing patches and countermeasures, and that work continues. We have:
- Updated the Intrusion Prevention System (IPS) digital vaccines to detect the POC exploit and other indicators of an attempted attack.
- Updated anti-virus signatures to detect and thwart potential attackers.
- Determined that firewalls (Cisco ASA and ASAv) used by our managed services customers are not impacted by the vulnerability. If you are a customer that manages your own firewall, you should review your equipment with the supplier/vendor. You can also submit a ticket for assistance in determining your exposure.
- Developed a plan of action for patching underlying virtual machines, routers, switches and other networking devices that are impacted.
- Begun the deployment of patches to some underlying virtual hypervisors.