Security flaw(s) in computer processing units

Everything from smartphones and PCs to cloud computing is potentially affected by major security flaws in computer chips. Since market leader Intel’s CPUs were first reported as affected, Intel gets most of the heat, but it is not alone. Like the tip of the iceberg, it’s just the part of the problem that can easily be observed. Its basis lies below the surface: if you’re too focused on speed, you may end up jeopardizing security. 

What exactly is the problem?

Speculative execution is an optimization technique that increases processing speed by retrieving and pre-fetching data before they are actually needed, in order to prevent delays. However, this opens a door that attackers can use to steal passwords, encryption keys or other sensitive data.

Experts describe two possible attack scenarios:
  • Meltdown: Information is captured from operating systems
  • Spectre: Programs like web browsers are used to capture data

Virtually any processor using speculative execution is affected. While Intel dominated the news in the beginning, especially as its CPUs seem to be primarily affected by Meltdown, Spectre is now considered even more serious and more widespread, affecting CPUs from AMD, ARM and other manufacturers as well.

Can these bugs affect the IACBOX?

The IACBOX does not provide options to execute client-specific programs. Since the main entry point for such an attack is therefore not available, a potential attacker would not be able to run any process on the IACBOX system. Thus, we consider the threat to our system to be rather low. However, we are giving the problem the necessary attention and provide the latest kernel updates as soon as they are available. A lot has already happened, and our developers are still working on it with highest priority.

While software fixes help to guard against attacks exploiting hardware security flaws like these, fully removing the vulnerability would require replacing affected processors. Software patches are provided to mitigate these exploits, but they are estimated to degrade CPU performance; figures of up to 30% are cited.
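One way to see whether such software mitigations are active on a Linux machine, as an added example that is not Asteas code: it assumes a general-purpose Linux host (for instance a VM host) whose kernel reports its status under /sys/devices/system/cpu/vulnerabilities, not the IACBOX itself. The names `classify_status`, `check_dir` and `VULN_DIR` are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): classify what a Linux kernel reports about
# Meltdown and Spectre under /sys/devices/system/cpu/vulnerabilities.
# Assumption: a general-purpose Linux host, e.g. a VM host; VULN_DIR can be
# pointed at a copy of those files collected from another machine.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status TEXT: map the kernel's status line to one keyword.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;   # file missing or unrecognised text
    esac
}

# check_dir DIR: print "name<TAB>class<TAB>raw text" for each flaw.
# Returns 1 if any entry is vulnerable or unknown, 0 otherwise.
check_dir() {
    dir=$1
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            raw=$(cat "$dir/$name")
        else
            # A kernel that predates this reporting interface has no such file.
            raw="(not reported by this kernel)"
        fi
        class=$(classify_status "$raw")
        printf '%s\t%s\t%s\n' "$name" "$class" "$raw"
        case "$class" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return "$rc"
}

check_dir "$VULN_DIR" || echo "At least one flaw is unmitigated or not reported." >&2
```

A missing file is treated as a finding rather than ignored, because a kernel that does not report a status gives no evidence that the fix is installed.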

How much can this loss of performance affect the IACBOX?

The IACBOX software is engineered to run efficiently, thus saving resources and not requiring substantial CPU loads. Obviously, the specifications of the server hardware we sell or recommend have not taken into account the new workarounds to fix the latest security flaws yet. We will need a few tests under the new set of conditions before we can give new recommendations.

As far as we have investigated and understood it to date, we can assume that for the vast majority of active IACBOX licenses, there will be no perceivable loss of performance.
Important for IACBOX clients: In order to receive the relevant software fixes, you need active Software Maintenance for your system. You can check the status of your license's Software Maintenance anytime in your WebAdmin dashboard.

You can also check your CPU type in your WebAdmin dashboard under Hardware.

Should I replace my server?

The Basic G3- and Lite Servers purchased from Asteas are currently not affected by the Meltdown problem. For all other server types we are still investigating, but we can assume that in the vast majority of cases it will not be necessary to replace a server solely because fixes for the security flaws are needed.

Answering the following three questions will help you to find out if in your particular case, server replacement would be advisable:

  • Are the workloads deployed on your server permanently high or close to the limit? This can be the case if the number of concurrent devices online in your system is always close to the maximum and larger amounts of data are processed. Check our recommendations here.
  • Do you use Application Control or Content Filter? These modules are more CPU-intensive than other IACBOX software and can generate higher workload.
  • Do you operate your IACBOX in a VM environment? If more systems are running on the same VM host, overall workload can be high enough to result in a perceptible loss of performance.

In these cases, especially if all three aspects apply, a hardware upgrade might be advisable anyway, regardless of the recently revealed security flaws.

At Asteas we are working year-round to keep our system healthy and secure for our current and future clients. As digitization progresses, software and hardware security is an increasing challenge, and we have to be aware that such problems are likely to arise even more often in the future. Accordingly, it is particularly important to us to make our clients aware of the importance of active Software Maintenance and regular updates for the security of their IACBOX.

Are you interested in wireless Internet access for guests, staff or things for your enterprise, or do you provide network solutions for clients? Drop a few lines to share your opinion with us:

At Asteas, we see it as our task to make wireless Internet access in networks efficient and legally compliant for the supplier, efficient and comfortable for the user, and secure for both.

For more information, visit our website or contact us here.
