Monday, 15 January 2018

Dell EMC, IBM, And Other Storage Companies Chime In On Spectre and Meltdown


Storage arrays, whether directly attached or configured as NAS or SAN, are not immune to the Meltdown and Spectre security flaws. The arrays contain servers known as controllers, and those servers have their fair share of microprocessors where bugs like to make their homes.

TechRepublic polled Dell EMC, IBM, Hewlett Packard Enterprise, NetApp and Vantara (formerly Hitachi Data Systems). Each company provided an official statement or posted one on its site.

Of course, this also affects cloud storage.

Dell EMC

The link to the data protection security notice is only accessible to customers, but the public version of that notice can be found here. Some of this information was provided to me by Dell EMC in an email.

"For Spectre / Meltdown: Because we are a large user of the Intel and AMD chipsets, Dell is currently conducting an impact evaluation of our products across the entire portfolio. We will post information such as lists of specific products that look affected, along with links to patches / fixes / product updates as our security and engineering teams make them available. For the moment we cannot provide a schedule for the availability of patches / fixes / updates for any specific product. We ask our clients to check the links below often, as we will update these on a daily basis.

Dell is aware of the attacks of lateral channel analysis (also known as Meltdown and Spectre) that affect many modern microprocessors. We are working with Intel and others in the industry to address the problem. For more information about the affected platforms and the next steps, see the following resources. They will be updated periodically as new information becomes available."

IBM


"Google has announced a widespread problem with the CPU architecture that could affect the security of the system.

IBM is working with our customers and industry partners on this issue, which has the potential to affect many types of computing devices from different manufacturers. It is important to bear in mind that there are no known cases in which this vulnerability has been used maliciously.

The patches will be available for IBM systems through our normal customer portals. You can find more details about the potentially affected processors in the POWER family here. According to our usual process, all information for IBM Z clients can be found in IBM's Z Portal.

IBM storage devices are not affected by this vulnerability.

Additional information will be provided through normal IBM communication channels, including IBM security bulletins. Actively control both your IBM Support Portal and the IBM PSIRT Blog.

The most immediate action that customers can take to protect themselves is to avoid running unauthorized software on any system that handles confidential data, including adjacent virtual machines.

We will continue updating this blog to include additional information as appropriate."

For more recent information on the IBM response, read this article on TechRepublic's partner site ZDNet: Meltdown-Spectre: IBM prepares firmware and operating system repairs for vulnerable Power CPUs.

Hewlett Packard Enterprise

"HPE has been informed about a problem that affects certain microprocessors. The safety of HPE products is our top priority and we have worked with our operating system and microprocessor partners to develop updates to solve this problem for the most common versions of the operating system and the current HPE server generations, with additional resolutions coming in. Customers can find a list of affected products on the HPE vulnerabilities website and instructions on how to download the resolutions in the HPE Security Bulletin or talk to their representative of HPE."

NetApp

"ONTAP is not susceptible to Spectre or Meltdown attacks, as they depend on the ability to execute malicious code directly on the target system, and ONTAP is a closed system that does not provide mechanisms to execute third-party code. The same goes for all ONTAP variants, including ONTAP running on FAS / AFF hardware and virtualized ONTAP products such as ONTAP Select and ONTAP Cloud. NetApp has advised hypervisor clients to work with their cloud platform providers to make sure your ONTAP product is running on a secure and repaired platform."

Vantara

"Vantara is aware of the recently published research that details the vulnerabilities involved in the abuse of speculative execution known as Meltdown and Spectre. Our engineers are working with our HW and SW partners (suppliers) to fully assess the impact and implications of this. We did not receive any information to indicate that these vulnerabilities have impacted any of our clients to date, and our initial evaluation is that they would require a high level of sophistication to exploit. We are actively and will continue to deliver updates to our clients as the situation develops and more information becomes available."
