The Digital Deli Gen-3 Cloud service places security and performance at the top of our list of priorities.
Hacking tools of an unprecedented nature allowed bad actors to penetrate many high profile systems undetected during 2017.
Due to critical unpatched vulnerabilities in Q4-2017 all Gen-3 Cloud domain services (web, email) were placed on enhanced L3 (level 3) real time monitoring on December 1, 2017.
Information assurance best practices drove our decision to provide enhanced threat vector analysis monitoring while operating system and server application providers analyzed and tested mitigation for the latest crop of vulnerabilities.
Meltdown and Spectre Vulnerability
The following pertains to the recent Meltdown and Spectre vulnerabilities and what action is being taken to protect your domain and email service on Gen-3 Cloud.
On January 3, 2018 the Meltdown and Spectre vulnerabilities were publicly disclosed. This affects modern CPU's from Intel, AMD, ARM and goes back as far as 1995.
A BIOS update by itself can not correct the CPU hardware vulnerability. This exploit applies to almost every CPU in use today.
Since it would be impossible to replace every CPU on every (server, PC, mobile device, router, etc) device the responsibility of shouldering the CPU hardware problem has fallen onto operating system and server application providers, researchers, technologists and customers.
Based on advisories from CERT1 and NIST2, industry partners (Ubuntu, Google, Microsoft, Apple, Amazon, Cisco, Intel, AMD, ARM, ...) have collaborated to find a solution.
The effect of applying software patches to correct hardware CPU vulnerabilities will require greater system resources.
This is a new class of vulnerability that requires a new level of vigilance, now and in the future.
(1) US-CERT: Computer Emergency Readiness Team
(2) NIST: National Institute of Standards and Technology
Meltdown and Spectre Mitigation
On 01/27/2018 Digital Deli Network Operations Control began a series of systematic steps to mitigate the vulnerability from Meltdown and Spectre on Gen-3 Cloud.
(1) All Domain Ecosystems (web, database, mail, etc) will need upgraded system memory and/or CPU resources to operate with security patches associated with Meltdown and Spectre.
(2) Legacy unmanaged hosting is no longer supported and has been superseded by Tier 1 service plans providing the Platform, Managed Infrastructure and Operations Management, Incident Support and preapproved mitigation.
(3) Customers requiring PCI-DSS, HIPAA/HiTech, CJIS-SP, and GDPR may choose a Tier and Level of Cyber AI and iAuth+ service for a baseline managed secure server platform.
(4) Upgrade service by 1/31/2018 to ensure uninterrupted operation of web and email systems.
What to Expect During Upgrades
From Jan 27th – Feb 5, 2018 (tentative)
(a) customer systems will be monitored and when idle they will be briefly taken offline, backed up, updated and brought back online. Systems are staged for a series of upgrades and will typically be offline for between 10-20 minutes (avg 15m).
(b) during upgrades a user may be unable to reach your site or send your domain email. Inbound mail systems should automatically retry sending and not present a problem.
keep in mind, more updates are likely in the coming weeks.
Contact Network Operations Control if you need support associated with this advisory.
rollout window for this advisory is 1/27/2018 - 02/05/2018.
External Links on Meltdown and Spectre
Opens in new windowCERT CVE-2017-5753
Opens in new windowNIST CVE-2017-5753
Opens in new windowNIST CVE-2017-5754
Opens in new windowMeltdown and Spectre
Opens in new windowWired - Triple Meltdown
Opens in new windowWired - Meltdown and Spectre Patching
Secure, Reliable, Future Ready Infrastructure
The Digital Deli takes security, performance and reliability into the next generation with Internet 4.0 Digital Ecosystems.
Tier 1 plans for Information Resource, Business and E-Commerce provide baseline configurations to form the nucleus of your digital ecosystem.
Internet 4.0 Digital Ecosystems can scale from a small global infrastructure to a multi data center powerhouse for a clear pathway into the future.