Now that we’re a few weeks into the aftermath of the discoveries of the Meltdown and Spectre vulnerabilities, patches have been rolled out from many vendors and more details about the issues and potential exploits have been revealed.
At ADNET, we have been using our own environment as a test bed for the patches prior to rolling them out to clients. So far, we can happily report that there don’t appear to be any major performance impacts caused by the patches. However, we have been cautious in our approach and believe that testing is key when patching systems and installing the updates.
We have tested the patches on our own desktops, and we haven’t seen any adverse effects from rolling the patches out to our workstations. However, our machines are newer, and from the reports that we have heard, you may have a different experience with equipment that is more than four to five years old. Prior to applying any patches, we ensured that all anti-virus was up to date, but so far we have not had any blue screens or experienced any of the other major issues that were speculated about.
For servers, we recommend being more conservative. With any servers that are more than three years old, you WILL notice a significant performance hit. If your servers are at this point, try patching one before you patch them all. If the impact is tolerable, great. If not, this may be your opportunity to go through your inventory and consider saying goodbye to some of your older hardware. Any servers less than three years old will be impacted much less noticeably, and you likely won’t see the difference.
The biggest concerns we have for this vulnerability are for virtual environments, VMware, and Citrix Servers. Again, in this case we suggest testing on a limited basis prior to rolling out the patches to everything.
These vulnerabilities have sent many people into a panic, and to an extent they should. The possible impact of their exploitation is severe, and security is never something to take lightly. But to put it in perspective, these issues have been around for years. Not days, not months, years. The only thing that has happened recently is the discovery, and with that the potential for criminals to exploit them. Yes, it’s important to mitigate the risk, but realistically if they’ve already gotten to the point where they’re in your network and they CAN exploit it, that’s a much bigger problem.
Security should be a multi-layered approach, and if you’re not stopping attackers before they’re in, you’re already in trouble. Think of it as trying to stop a burglary – where do you want someone apprehended? Would you rather they’re stopped at the end of your driveway, at your door, or when they’re already inside your house? I know I’d prefer they stay on the street, far away from my home (at the very least, I don’t want them to make it past my door!), and I feel the same way about our network.
Tips to keep attackers from being able to breach your network in the first place:
- Ensure that your firewall is up to date, and intrusion protection is turned on.
- Implement dual-factor authentication for things connecting to your network.
- Have multiple layers of antivirus, on the server, firewall, etc.
- Educate your users! I can’t stress this point enough. Your users are your first line of defense, and they’re also your weakest link.
We’ll keep you updated if there are any new developments with the Meltdown & Spectre vulnerabilities, but please don’t hesitate to reach out to us if you have any questions or concerns in the meantime.