Author: majestic

These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are not typically permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.

This sensitive data might include your passwords stored in the password manager or browser, your personal photos, emails, instant messages and even business critical documents. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. This vulnerability basically melts security boundaries which are normally enforced by the hardware. Desktop, Laptop, and Cloud computers are effected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information. Luckily there are patches against the Meltdown for Linux, Windows and OS X operating systems.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices into leaking their secrets.In fact, the safety checks of said best practices actually increase the attack surface and may make more applications susceptible to Spectre. Almost every system is affected by Spectre: Desktops, Laptops, cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, Spectre is verified on Intel, AMD, and ARM processors. Spectre tricks other applications into accessing arbitrary locations in their memory. Spectre attacks involve including a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary.

For everyone – whether you are a system administrator for a very large enterprise, or you have a single home computer – Install this patch as soon as it is available from your vendor. For consumers, enabling auto update ensures that patches install as soon as they are available to your computer.

SD-WAN is an acronym for software-defined networking in a wide area network (WAN). Traditionally, multi-location offices have been interconnected using MPLS or VPN technology. These technologies, although more reliable, have been expensive to deploy and maintain.

With the availability of cheaper optic fibre based internet, NBN and 4G connections, SD-WAN is an inexpensive alternative to allow companies to build higher-performance WANs using lower-cost and commercially available internet access, enabling businesses to partially or wholly replace more expensive private WAN connection technologies such as MPLS. This is ideal for situations where non-real-time applications like emails and file sharing form bulk of the traffic between multiple offices within an organisation.

SD-WAN allows your company to make use of multiple lower-cost internet connections, often with different ISPs and a mix of technologies (optic fibre, NBN and 4G), to configure redundancy within the WAN. This in effect also means, that you are not tied into the same ISP for all your sites as would have been in the case of a MPLS alternative. SD-WAN allows flexibility of choosing the best ISP for each of your locations independently.

American marketing research firm Gartner predicted in 2015 that by the end of 2019 30% of enterprises will deploy SD-WAN technology in their branches.

SD-WAN products can be physical appliances or virtual appliances, and are placed in small remote and branch offices, larger offices, corporate data centres, and increasingly on cloud platforms. A centralised controller is used to set policies and prioritise traffic. The SD-WAN takes into account these policies and the availability of network bandwidth to route traffic. This helps ensure that application performance meets service level agreements (SLAs) and QoS.

Features of SD-WANs include resilience, security and quality of service (QoS), with flexible deployment options and simplified administration and troubleshooting.

• Resilience – A resilient SD-WAN reduces network downtime. The technology features real time detection of outages and automatic switch over to working links
• Quality of service – SD-WAN technology supports quality of service by having application level awareness, giving bandwidth priority to the most critical applications. This may include dynamic path selection, sending an application on a faster link, or even splitting an application between two paths to improve performance by delivering it faster
• Security – SD-WAN communication is usually secured using IPsec, a staple of WAN security
• Application optimisation – SD-WANs can improve application delivery using caching, storing recently accessed information in memory to speed future access
• Deployment options – Most SD-WAN products are available as pre-configured appliances, placed at the network edge in data centres, branch offices and other remote locations. There are also virtual appliances that can work on existing network hardware, or the appliance can be deployed as a virtual appliance on the cloud in environments such as Amazon Web Services (AWS). This allows enterprises to benefit from SD-WAN services as they migrate application delivery from corporate servers to cloud based services
• Administration and troubleshooting – Management simplicity is a key feature for SD-WANs. As with network equipment in general, GUIs are preferred to command line interface (CLI) methods of configuration and control. Other beneficial administrative features include automatic path selection, the ability to centrally configure each end appliance by pushing configuration changes out, and even a true software defined networking approach that allows all appliances and virtual appliances to be configured centrally based on application needs rather than the underlying hardware

Majestic Computer Technology has partnered with Cisco Meraki and uses their platform to deploy and manage SD-WANs. If you want to know more, please call us on 1300 441 551 for a free consultation session.

In the year 2016, Australian businesses have been hit with $589,000 in damages over the use of unlicensed software. “By using unlicensed software, businesses are compromising their cybersecurity policies and putting their customers data at risk. It can also result in financial losses for the business, as information can be intercepted and repurposed for others financial gain. Not to mention the impact to the reputation of the organisation, business and its employees during any legal proceedings.” BSA director of compliance programs, Gary Gan said.

During 2016, the global software industry advocate organisation which is widely known as BSA settled 14 cases Australia wide. Each business caught using unlicensed software was forced to purchase genuine software licenses for its ongoing use, in addition to paying the copyright infringement damages.

“Our 2016 results reflect the increased public awareness of the security and business challenges that unlicensed software poses to Australian businesses. We strongly encourage all businesses, across all sectors to implement an effective Software Asset Management (SAM) practice. This, combined with regular checks of software licenses and deployments, will ensure their business is secure and avoids legal risks,” Gan added.

Other than the risk of paying copyright infringement damages, other benefits of using licensed software are –

• Pirated software often contains malware which can lead to the theft of company’s confidential information.
• With licensed software, regular software updates are available to mitigate any risks associated with vulnerabilities discovered since the software was first released.
• Pirated software can cause severe damage to your computer hardware which requires hardware replacement.
• Having genuine and licensed software speaks volumes about your company’s reputation and governance.
• Avoid all unnecessary IT and cyber security risks.

Whatever IT compliance requirements your business has, Majestic can assist in ensuring that you are always on top of the requirements. Utilising the industry standard tools and best practices, technology experts at Majestic can help your organisation to review your compliance requirements, current setup and help you fill in the missing pieces. Any work related to IT audit and compliance completed by Majestic are documented using standard documentation processes.