Measures against Meltdown and Spectre

We could hardly believe it when the news broke 3 January 2018 that modern processors have design flaws that might be utilized by attackers to break the security of passwords and other sensitive data.

The flaws allow for attacks categorised as Meltdown and Spectre.

Meltdown

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

Spectre

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets.

At the time Meltdown and Spectre became known to the public, most hardware and operating system manufacturers already had released patches for their products.

Security in the cloud

Security in the Dynaplan cloud builds on the secure servers of our website host Amazon Web Services, who has already patched their servers as a measure against Meltdown and Spectre.

Securing internal systems

To secure our internal systems and devices, Dynaplan applies the latest updates from the vendors to reduce the risk of breaches. We recommend our customers and followers to always stay up-to-date when it comes to system updates.

Increase security with encryption

Encryption gives an extra layer of security against current and future vulnerabilities and security threats. Shared Smia models are always encrypted when stored and transferred. This means that attackers will not be able to open models that are obtained by hacking servers or tapping communication channels. To reach the highest level of protection, also for models that are not stored in the Dynaplan cloud, we recommend that all models containing sensitive information are encrypted. The easiest way to do this, is to use Smia’s built-in key encryption feature.

Comments

Let us know what you think

You have to log in before you can comment on this article.

Please enter your account information to log in.

Notifications

Subscribe You must log in before you can subscribe to email notifications on this article.