A Note on the Spectre, Meltdown, and Foreshadow Vulnerabilities
TeraGo is committed to the safety and security of all its customers. TeraGo security specialists have been tracking the Spectre, Meltdown, and Foreshadow vulnerabilities since the news was announced earlier this year, and we are taking active steps to ensure our infrastructure is as up to date and as secure as possible.
What are the Vulnerabilites about?
These vulnerabilities relate to something called a speculative execution side-channel L1 Terminal Fault (L1TF). Simply put, this fault allows potential access to data stored on a physical cache (L1) on a CPU. Virtualized environments use a technology called simultaneous multi-threading (SMT) which allows two virtual processors to run ‘sibling threads’. Both threads have access to L1 cache memory, and via this vulnerability, one thread may be able to read data that is not its own. In short, data may be accessed through a fault at the CPU level.
More details on these vulnerabilities can be found here:
Intel’s Video: https://www.youtube.com/watch?v=n_pa2AisRUs
Security Researcher Video: https://youtu.be/ynB1inl4G3c
Red Hat Video: https://www.youtube.com/watch?v=kBOsVt0iXE4
What We’re Doing:
To address these vulnerabilities, systems must be updated at the firmware, hypervisor, and operating system levels. Where TeraGo has control of all three levels, we are actively patching all of them. In some cases, in particular with Private Cloud solutions, customers may ‘own’ the operating systems themselves. TeraGo will patch the firmware and hypervisors for these customers, and work closely with them to assist with patching of their operating systems where necessary.
What Customers Can Do:
We recommend three levels of activity to our customers:
- Harden virtual environments where the customer has control to do so (those in TeraGo’s control are hardened on an ongoing basis).
- Review and tighten controls over user access where possible.
- Keep up to date on all the latest security updates.
How Will This Impact Me?
The changes made by these patches can impact CPU performance – in some cases by as much as 30%. This applies in particular to Multi-Tenant and Private Cloud customers who may see double-digit performance drops. TeraGo will work closely with its customers to assist in mitigating these performance issues, possibly working to add additional CPU power for systems that were running at high levels of system utilization. Please contact our service centre for more information-1.866.837.2462