TERMINALFOUR Data Security Statement - Meltdown and Spectre Vulnerabilities
January 5th 2018
As you no doubt are aware at this stage, two hardware flaws in the physical architecture of modern CPU chips have been recently publicized. These vulnerabilities are being commonly referred to as Meltdown (almost exclusively affecting Intel chips) and Spectre (affecting nearly all chips). Since these vulnerabilities result from a physical property of the processor hardware itself, operating system patches at the lowest (kernel) level are required to mitigate the security impact of these issues on current hardware. They can only be truly ‘fixed’ in a future redesign of processors.
Data Security Impact
TERMINALFOUR became aware of the vulnerabilities earlier this week and have been monitoring the vendor response whilst risk assessing the impact on our infrastructure. While no known exploit of this vulnerability has been reported, we treat all such security incidents with the utmost seriousness and have been proactively working towards patching our infrastructure to mitigate the threat. TERMINALFOUR deploys best-of-breed perimeter and host-based controls to protect your data and implements a risk-based continuous assessment process in order to verify and improve these controls. As is always the case, we have risk-assessed these existing controls in the context of this new threat and are confident that they provide sufficient mitigation against any actor attempting to exploit this vulnerability.
It has been widely reported that, due to the nature of this vulnerability, any mitigation could have a performance impact ranging from 5% to 30%. Unfortunately, this is an inherent problem with the CPU architecture design and is beyond the control of TERMINALFOUR. We are, as always, proactively monitoring our infrastructure, but should you notice any performance impact, please let us know and we can investigate any specific cases.
Response and Mitigation
Kernel patches for the Intel Meltdown vulnerability have been released by CentOS/Red Hat and Microsoft and have been applied to our hosted infrastructure. In order to activate these patches and verify that they have been activated, a reboot of all affected instances will be required. Our hosting team will perform the necessary restarts where appropriate and where service availability is not impacted. Priority will be given to more exposed, internet-facing services such as web servers. Where redundancy exists in the service architecture, our engineers will proceed as is prudent and there should be no loss of service to you or your customers. Where any maintenance could result in a loss of service, these restarts will be scheduled in consultation with our customers.
Should you have any requirement for further information or wish to discuss any aspect of this issue with TERMINALFOUR, please do not hesitate to contact our Client Support team through the usual channels.