Hi Dan,  Always a pleasure to hear from you ...

This topic has been under private discussion within the AstLinux team ... I 
won't speak for others but I will share my personal thoughts.

The Cisco folks offer this nice Summary ...
--
Cisco: CPU Side-Channel Information Disclosure Vulnerabilities

"To exploit any of these vulnerabilities, an attacker must be able to run 
crafted code on an affected device. Although the underlying CPU and operating 
system combination in a product may be affected by these vulnerabilities, the 
majority of Cisco products are closed systems that do not allow customers to 
run custom code on the device, and thus are not vulnerable. There is no vector 
to exploit them."

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
--

AstLinux is the same sort of fixed-code device (appliance) ... "There is no 
vector to exploit them (the vulnerabilities)."

Let's assume you do not allow untrusted users adding executable binaries to 
your AstLinux box :-)

My opinion, keep your AstLinux network stack as locked down as possible, only 
enable services you need, use a VPN for remote management, and keep up with the 
latest AstLinux security fixes we offer.

Lonnie


On Jan 22, 2018, at 5:34 AM, Dan Ryson <d...@ryson.org> wrote:

> Hi,
> 
> Considering the prominence of Spectre and Meltdown discussions in the trade 
> press, I must ask:  What is the prevailing advice for those (like me) who are 
> running Internet-facing AstLinux systems on Intel hardware?
> 
> Thanks,
> 
> Dan



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Reply via email to