Hi Dan, Always a pleasure to hear from you ... This topic has been under private discussion within the AstLinux team ... I won't speak for others but I will share my personal thoughts.
The Cisco folks offer this nice Summary ... -- Cisco: CPU Side-Channel Information Disclosure Vulnerabilities "To exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Although the underlying CPU and operating system combination in a product may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code on the device, and thus are not vulnerable. There is no vector to exploit them." https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel -- AstLinux is the same sort of fixed-code device (appliance) ... "There is no vector to exploit them (the vulnerabilities)." Let's assume you do not allow untrusted users adding executable binaries to your AstLinux box :-) My opinion, keep your AstLinux network stack as locked down as possible, only enable services you need, use a VPN for remote management, and keep up with the latest AstLinux security fixes we offer. Lonnie On Jan 22, 2018, at 5:34 AM, Dan Ryson <d...@ryson.org> wrote: > Hi, > > Considering the prominence of Spectre and Meltdown discussions in the trade > press, I must ask: What is the prevailing advice for those (like me) who are > running Internet-facing AstLinux systems on Intel hardware? > > Thanks, > > Dan ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
