IT Security: Dealing with Hardware Leaks29. November 2018
The topic of IT security remains omnipresent. Among the greatest IT security challenges we face are the known and unknown vulnerabilities of hardware. This article offers an overview of the current situation and explains ITpoint’s approach to system security.
CPU vulnerabilities such as Meltdown, Specter and Foreshadow have made headlines in recent months. These vulnerabilities allow intruders to access data in the CPU undetected. These threats should not be underestimated, especially in cloud environments, where infrastructure is shared among many users. Theoretically speaking, data from servers running on the same hypervisor can be read, which means that a malware or a Trojan can be introduced.
Beware of the human behind the device
Fortunately, putting a Trojan on a server is not that easy. Normally, attacks are directed against devices (PC / notebook / mobile phone). Behind the device is the system’s largest security threat: the human being. It easier is to inject malicious software via an end device. From here, however, the invader would still have to find its way to the server. The path to the server would be riddled with obstacles, since the normal user does not have privileged rights to access it. In the past, one option was via the SMB vulnerability, also known as the WannaCry virus. The virus infected other systems via the SMB protocol, allowing it to spread in the network. This gap was considered highly critical and closed by Microsoft immediately. While Linux fans might be quick to point fingers at Microsoft, it should be mentioned that Linux SAMBA was also affected by this vulnerability. Like Microsoft, Linux patched the gap immediately.
Patching is unavoidable
Given the current situation, one thing is clear: systems need to be patched regularly. These gaps can only be closed by firmware updates, fixes and patches. It goes without saying that at ITpoint we regularly patch. We update all our managed Windows systems monthly and close security gaps which concern hardware with the appropriate updates. That said, we realize that seamlessly importing any available patch is not always a good idea; it is important to consider the possible glitches that come with installing updates. CPU updates, in particular, can impact a system’s performance. At ITpoint, the following principles apply: stability before security, security before performance. In general, the security level on our cloud infrastructure is high and our systems are up to date. We plan to close the recently discovered CPU hyperthreading vulnerability by February 2019. In short, no one is immune to future threats. Ultimately, manufacturers need to consider security in hardware design; however, rethinking their approach could take some time.