More on Spectre and Meltdown Security

Reading Time: 3 minutes

Spectre and Meltdown (Part 2)

Spectre and Meltdown Security Looking At The First Line Of Defence For Your Business; As the industry comes to terms with the logistics and scale of the Spectre and Meltdown issue we are starting to see some cracks in the wall from vendors on providing stable patches to counteract the potential stealing of sensitive data across the board.

If you’re not up to speed with the issue take a look at our previous post Spectre and Meltdown for a quick overview of the problem at hand.

Reports from bloggers and news articles on BSOD – Blue Screen Of Death issues after applying Microsoft patches, VMware in the last few days has pulled its hypervisor patches as they are in a state of flux to work coherently with OS patching. “As a result, VMware is delaying new releases of microcode updates while it works with Intel to resolve microcode patch issues as quickly as possible.” Intel Sightings in ESXi Bundled Microcode Patches for VMSA-2018-0004 (52345)

It all sounds like doom and gloom at the moment while the industry scrambles to plug the holes in their row boats but are quickly running out of fingers. So what’s the end game here? What are we as service providers, business and consumers meant to do in the face of all this disruption and potential thieving of data?

Spectre and Meltdown Security | First Line Of Defence Options

First things first and that’s not to panic. The second is applying some common sense approaches to the problem.

The first line of defence is usually the best way to stop these things from spreading. Let’s tackle some common sense approaches to the problem.

Some Great Options:

Use Web Security Software

sophos intercept security

We do have options and they are squarely in our hands to control. Let’s start with helping mitigate how these security flaws can be accessed; if you have Sophos or other web security software at hand make sure that you have the latest patches and updates installed. For the moment the only verified way for your machine to be infected is via Java Script which is automatically executed when visiting a hacked website.

Restrict Access To Websites

Clamp down on end users browsing cat videos from random websites and implement some web security protocols to block all unnecessary websites or sites that have been compromised for the time being. Your WEB security software will usually be up to speed on these malicious sites and will give a warning before allowing access or completely blocking access to such sites.

Increase Browser and Java Security Settings

These days the default settings for these applications on desktops are set to medium. Take a look at IE/ Edge/ FireFox etc and increase to High; same with your Java applications change these from medium to High. These 2 changes will have implications and cause popup notifications every time you access a new site or try to run a java script. The best way to tackle this is to white list the sites in both the browser and Java application.

Now unfortunately almost every web application needs to execute Java Script, it’s such a crucial tool that you just can’t disable it completely. What can be done is to increase your browser’s web security so that a prompt/pop up is displayed when java script needs to be executed. Now this may not be possible for all environments to constantly acknowledge a pop up as it can be a disruption to workflow so another idea is to increase Java Security and then whitelist sites and URLs that are regularly accessed and are known to be secure.

Communicate With Users And Implement Logic Where Possible

Ask users to implement some logic where possible about their browsing habits; it’s not always the end users fault as sites are hacked regularly and hijacked with redirects put in place to compromise machines. For the time being try to only visit trusted sites until some serious security patching can happen from the major Tech vendors in our industry to stably implement the second and third line of defence.

If you don’t have web security software installed or just need a hand trying to work out what the best way to handle all of this is, simply pick up the phone and give us a call or shoot over an email to your account manager and we will be more than happy to assist in advising or implementing some security best-practices.

Email Us...

  • This field is for validation purposes and should be left unchanged.

Is it time to find a new Managed Service Provider?

Reading Time: 5 minutes Feeling unappreciated is the number 1 reason customers switch to a different product or service. Outstanding customer service has never been more critical, especially during COVID-19. If anything, the pandemic has raised customer expectations. Gartner predicted in 2014 that 89% of businesses would start competing on the quality of their…

Read More

Managed IT Services & Support

Reading Time: 6 minutes What are Managed Services? Glad you asked. Managed services are classified as ongoing support provided by an external IT provider. Many Managed Service Providers (MSP) charge a  minimum monthly cost for a set number of hours each month which can increase depending on the level of support needed and hours…

Read More

Benefits Of Hosting Your Website Locally

Reading Time: 6 minutes What is Web Hosting? The short version – Web hosting is a service provided by a hosting provider that allows businesses or individuals to publish their website and content on the internet. Many content management systems (like Wix & Squarespace) provide their own managed hosting services, while the likes of…

Read More

Managed WordPress Hosting Australia

Reading Time: 5 minutes As of 2021, WordPress powers 39.6% of the internet and is the most popular platform for building websites in the world. Major brands such as Mercedes-Benz and The Walt Disney Company are using WordPress to run their websites. Don’t let these prestigious companies scare you off. Yes, WordPress can build…

Read More

Can your business be successful without social media?

Reading Time: 4 minutes 3.96 billion people use social media. That’s over 50% of the world’s population ( Social media platforms like Facebook and Instagram produce the same dopamine-inducing effects caused by recreational drugs and gambling. If you scroll through Facebook or Instagram, it is one artificially staged illusion after another. Users are not…

Read More
Gerardo Altman

Gerardo Altman, Director of Problem Solving

With over 25 years’ experience in the IT industry, Gerardo Altman is a key solutions architect and MD of Velocity Host, with a love for Tetris and complex puzzles of every nature you'll find me hard at work doing what I do best – finding solutions.

  • This field is for validation purposes and should be left unchanged.