![]() This should be treated as if the master key to your corporate offices was in the hands of someone who may do you harm. In a modern computing environment, access to all memory is very similar to having the master key to a secure building instead of just a single office – thus, it is best that physical security protocols be employed to curb any possible exploit. Personal, and secure applications could sit side-by-side, but data was secure from snooping. Prior to the announcement of these flaws, it was believed that all memory access on servers at the hardware level was isolated, and compartmentalized. A Physical Security Problem in the Virtual World You know who is on your systems, and exactly what they are doing. You have worked to build a layered defense, and you added strong access controls during your deployment of our products. For BeyondTrust customers, deploying one or more of our products, puts strong controls in place to prevent any future exploits to your servers. There are no known exploits at this time, but with the knowledge of this vulnerability in the wild, it is imperative that compensating controls be put in place to prevent future exploits. Official patches for these vulnerabilities are becoming available, however, there is no ETA on complete resolution of the problem. The scope of the problem is global, and the impact on cloud servers is expected to decrease performance by a significant amount on some servers. This is the point in time where access to any system or server in your environment becomes a privilege.Ĭhip manufacturers have confirmed that one or both of these vulnerabilities impacts nearly every computer system in use today. Ultimately, these flaws will require access to individual servers to access their memory – you need to make sure that you tighten your controls to ensure only trusted individuals with a good reason access your systems. No matter how things develop with these flaws, now, more than ever, strong access controls will be required in your environment. ![]() ![]() ![]() All of this is taking place at the hardware level, but the flaws are at the software level.Įssentially, we have a physical security issue in the virtual world. The shortest description of the problem is that security that was believed to be in place to separate data used by one application from being accessed by another may be compromised. By now, everyone is aware of the latest widespread flaws on servers with modern hardware and computing chips – Meltdown, and Spectre. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |