Browsing Posts in vSecurity

Reading Time: 4 minutes I’m very proud and honored to have been invited at the second Security Field Day (#XFD2) event. This is a brand new Tech Field Day (TFD) event, the Tech Field Day team started the Security Field Day event because they recognized that security is just as vital to IT operations as storage, networking, or virtualization. And of course there is more demand on those type of topics. You can learn more in this post by Tom Hollingsworth: Security Field Day – The Non-Conference.

Reading Time: 4 minutes The 2018 was the year of the CPU related threats, starting with the Meltdown and Spectre bugs affecting several processors, but with most of issues related to Intel based CPU. Unfortunately, this was only the beginning and many other bugs were discovered later. And we’re probably just at the tip of the iceberg.

Reading Time: 3 minutes The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules. The National Institute of Standards and Technology (NIST) issues the 140 Publication Series to coordinate the requirements and standards for cryptographic modules which include both hardware and software components for use by departments and agencies of the United States federal government. The requirements cover not only the cryptographic modules themselves but also their documentation and (at the highest security level) some aspects of the comments contained in the source code.

Reading Time: 3 minutes This year has started with the revelation of the Meltdown and Spectre vulnerabilities afftecting most of the (old and new) processors including Intel, AMD and ARM… but also others. In little less than one year we are still far from the solution because there are some patches, but those patches have serious performance impacts and sometimes are those patches require more and more time to become effective (instead of causing new issues).

Reading Time: 4 minutes VMware NSX-T Data Center is the next generation product that provides a scalable network virtualization and micro-segmentation platform for multi-hypervisor environments, container deployments, and native workloads. It has not yet become features parity with NSX-v, but the gap is closing faster and there are also several new features and capabilities available ONLY on NSX-T. And the product is growing faster: on June was release the NSX-T Data Center 2.2.0 and now there is the new NSX-T Data Center 2.3.0 release (see the release notes).

Reading Time: 9 minutes With all those Meltdown, Spectre, Foreshadow, … bugs that affect several CPU, you may be interested in what can be the overall performance impact for all the related patches. There isn’t a simple answer, because it really varies by the processor vendor (Intel CPUs are more affected than AMD CPUs), probably also by CPU the family, for sure by the type of workloads (CPU bound workloads will be more affected, but it depends also on which instructions are used), … but also the type of environment.

Reading Time: 7 minutes The L1 Terminal Fault (aka Foreshadow) bug is another speculative execution side channel attack that affects Intel Core processors and Intel Xeon processors only. For VMware vSphere, there are some patches available as described in this document: VMSA-2018-0020. All patches have been released on August, 14th 2018.

Reading Time: 1 minute This is an article realized for StarWind blog and focused on the possible security threats in a virtual environment. See also the original post. Security is typically a hot-topic due also to several regulations and compliant rules and laws. But more important, a security breach can have huge collateral effects, also if no data has been stoled, or compromised. But, for example, a “simple” DoS attack that makes a service not available can have a bad effect on the reputation of a B2C company. This post will try to give an idea of some possible security threads in a […]

Reading Time: 2 minutes Now that Meltdown and Spectre vulnerabilities are almost fixed, there is a new critical vulnerability for several Intel CPU called BranchScope, discovered by some researchers from four universities. It’s again a speculative execution issue, in the method a processor uses to predict where its current computational task. By exploiting this flaw, attackers with local access could pull data stored from memory that’s otherwise inaccessible to all applications and users.

Reading Time: 3 minutes VMware has released (on Feb, 15th) a new vCSA version: vCenter Server 6.5 U1f, with build number 7801515. This release patches the vCSA operating system (Photon OS) mainly against two vulnerabilities: bounds-check bypass (Spectre-1, CVE-2017-5753) and rogue data cache load issues (Meltdown, CVE-2017-5754). As of now, there is still no patch for branch target injection vulnerability (Spectre-2, CVE-2017-5715). VMware has also updated the security advisory dealing with all of its virtual appliances updates for Spectre and Meltdown vulnerabilities, VMSA-2018-0007. But note that VMSA-2018-0004.2 has not been updated yet, and it still report that the suggested version for […]

© 2019-2011 vInfrastructure Blog | Disclaimer & Copyright