Tag Archives: dozen

No need to rush network patching for Spectre and Meltdown

The recently discovered security threat in CPUs from nearly a dozen manufacturers poses a low risk to corporate networking gear, so operators have time to test vendors’ patches thoroughly.

That’s the take of security experts contacted by SearchNetworking following the discovery last week of the Spectre and Meltdown vulnerabilities that affect Intel, AMD and ARM chips. In response, Cisco and Juniper Networks have released patches rated medium and low risk, respectively, for a variety of products.

The low risk of Spectre and Meltdown to switches and routers means network managers have the time to thoroughly test the patches to minimize their impact on hardware performance, experts said.

“If you’re getting a firmware update, you need to patch,” said Rob Westervelt, analyst at IDC. “[But] the issue is whether you just deploy the patch or test it thoroughly and make sure you don’t break any applications or anything else.”

Roughly 20 CSOs and IT security professionals interviewed by IDC were taking a methodical approach to applying Spectre and Meltdown fixes across all systems.

“While it is top of mind, it’s not something that they’re immediately jumping on to patch,” Westervelt said. “They are using established best practices and testing those patches first.”

Network performance at risk

Westervelt warned there is the possibility network performance will suffer. “In some cases, it could be very costly.”

If you’re getting a firmware update, you need to patch.
Rob Westerveltanalyst at IDC

Indeed, Microsoft reported in a blog post patches for the PC and server versions of Windows would range from minor to significant, depending on the age of the operating system and the CPU. “I think we can expect a similar variety of performance impacts across other [vendors’] products,” said Jake Miller, a senior security analyst at IT consulting firm Bishop Fox, based in Tempe, Ariz.

Security pros expect hackers sophisticated enough to exploit the hard-to-reach vulnerabilities to target mostly servers in large data centers that host cloud computing environments. Because of the level of expertise needed to take advantage of the flaws, hackers working for nation states are the most likely attackers, experts said.

Exploiting the CPU holes would involve crafting code that takes advantage of how some processors anticipate features computer users will request next. In preparation for those requests, processors will load into memory valuable data and instructions that hackers can steal.

“The threat is significant, but currently is limited to highly sophisticated attackers and hacking groups with the means to carry out multi-staged targeted attacks,” IDC said in a research note. “Financially motivated cybercriminals are more likely to continue to use more accessible, time-tested methods to retrieve passwords and sensitive data.”

Nevertheless, even a low risk to networking gear is worth the time needed for fixing. “It’s better to be safe than sorry,” said Jonathan Valamehr, COO and co-founder of cybersecurity company Tortuga Logic Inc.

AT&T 5G headed for 12 U.S. markets this year

AT&T plans to introduce fifth-generation, or 5G, mobile services in a dozen markets by the end of the year, as it aims to become the first U.S. carrier to offer the high-speed wireless network.

The rollout of the AT&T 5G services was sped up by the recent completion of new standards, the company said. In December, international wireless standards body 3GPP finished the new radio specifications that define radio access to the network.

The completed standards provide the specs device and chipset manufacturers need to build 5G products capable of handling data speeds of up to 10 Gbps — 10 to 20 times faster than the current 4G networks. In a statement, AT&T said it’s “confident this latest standards milestone will allow us to bring 5G to market faster.”

Verizon plan differs from AT&T 5G strategy

AT&T rivals Verizon, T-Mobile and Sprint also plan to offer 5G mobile services. However, the companies, including AT&T, haven’t described in detail the services they would provide.

While AT&T focuses on mobile, Verizon has aimed its initial 5G work at residential broadband services, which the company plans to launch in five markets this year. The higher-frequency range of 5G makes it possible for service providers to deliver high-speed internet to homes wirelessly.

Fifth-generation is expected to support tens of millions of new broadband connections at 50 Mbps or more. The higher speeds on fixed and mobile 5G services can power virtual reality applications, driverless cars and 4K streaming video.

While preparing AT&T 5G services for consumers, the company plans to test the technology with businesses across industries. AT&T said the lower latency of 5G would make it useful in edge computing, an architecture designed for the internet of things.

Despite the ongoing 5G rollouts, carriers are not expected to deliver wide-scale services until at least 2020. Manufacturers will need time to build support in devices, and most service providers are content to wait until they reap the full return on 4G investments.