How to Protect Your Server Against Spectre and Meltdown Vulnerabilities?

The Internet is open to everyone in the world. Some use it wisely, while others look for a backdoor to invade your privacy or steal your data. Sometimes, though, the system itself has vulnerabilities that let these invaders, called hackers, steal data without having to work for it.

Spectre and Meltdown are two such vulnerabilities. In this article, we will look at what they are and how to protect Linux and Windows servers against them, so that the critical information on our websites stays out of hackers' hands.

 

What are Spectre and Meltdown vulnerabilities?  

Spectre and Meltdown are critical vulnerabilities in computer processors that allow programs to leak information to hackers as they run. Modern computer systems are designed so that one application cannot access another program's data unless the user has explicitly granted access.

These vulnerabilities allow an attacker to access program data without the user's knowledge or permission. This means the attacker can gain access to your email, account information like usernames and passwords, personal documents, instant messages, tax returns and many other things.

 

How to protect Windows Server from Meltdown and Spectre?

Meltdown and Spectre affect laptops, desktops, cloud servers and other computers, and smartphones alike, so make sure your Windows server is not exposed to them. Microsoft has worked with CPU vendors on a solution and has released important security updates. Follow these steps to protect your Windows server:

  1. Install all the available security updates.
  2. Apply the firmware update from your OEM device manufacturer.

If checking for updates does not offer you any security updates released in 2018, you need to add the following registry key on your virtual server:

Key = "HKEY_LOCAL_MACHINE"

Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value = "cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type = "REG_DWORD"

Data = "0x00000000"

Once you have added this registry value, reboot your system. After it starts up, check for updates again; if any new updates are available, install them and reboot again. Make sure you have the following security patches installed:

  1. Windows Server, Version 1709 (Server Core Installation) – 4056892
  2. Windows Server 2016 – 4056890
  3. Windows Server 2012 R2 – 4056989
  4. Windows Server 2008 R2 – 4056897


How to protect a Linux Server from Spectre and Meltdown vulnerabilities?

Follow the steps to make sure your Linux server is protected from these vulnerabilities:

  1. Check the current OS version:

lsb_release -d

  2. Check the current kernel version:

uname -a

  3. Check whether the system is vulnerable:

cd /tmp

wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh

sudo sh spectre-meltdown-checker.sh

  4. Run the following command to install the new patches:

sudo yum update

  5. The main purpose of yum update here is to update the server's kernel. Once all the patches are installed, reboot the system using the command:

reboot

  6. Once the system reboots, run the checker again to see whether it is still vulnerable:

sudo sh /tmp/spectre-meltdown-checker.sh
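A complementary check for the post-reboot verification, added here as an example and not part of the original article: kernels that carry these patches report their own mitigation status under /sys/devices/system/cpu/vulnerabilities. The script reads the three entries relevant to Meltdown and Spectre; the function names and the sample directory are constructed for illustration, and it assumes a kernel that exposes this sysfs interface (mainline 4.15 or later, or a distribution backport).

```shell
#!/bin/sh
# Added example (not from the original article): read the kernel's own
# Meltdown/Spectre status from sysfs after patching and rebooting.
# Assumption: the kernel exposes /sys/devices/system/cpu/vulnerabilities.

# classify "STATUS" -> prints OK, VULNERABLE or UNKNOWN
classify() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo OK ;;
        "Vulnerable"*)                  echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;  # missing file or unexpected text
    esac
}

# report_dir DIR -> prints one line per issue; returns 0 only if all three are OK
report_dir() {
    dir=$1
    bad=0
    for name in meltdown spectre_v1 spectre_v2; do
        # A missing file yields an empty status, which classifies as UNKNOWN.
        status=$(cat "$dir/$name" 2>/dev/null || true)
        verdict=$(classify "$status")
        printf '%-10s %-10s %s\n' "$verdict" "$name" "${status:-<no report>}"
        [ "$verdict" = OK ] || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: a kernel that reports two missing mitigations.
sample=$(mktemp -d)
echo "Vulnerable" > "$sample/meltdown"
echo "Mitigation: __user pointer sanitization" > "$sample/spectre_v1"
echo "Vulnerable" > "$sample/spectre_v2"
report_dir "$sample" || echo "=> install updates, reboot, then check again"
rm -rf "$sample"

# On a real server, point it at the live directory instead:
#   report_dir /sys/devices/system/cpu/vulnerabilities
```

If the directory does not exist at all, every entry is reported as UNKNOWN, which on an older kernel usually means the patched kernel has not been installed or booted yet.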

Meltdown and Spectre vulnerabilities are critical and dangerous. They are known to affect web hosting services, so we need to make sure that our web servers are always updated. Good Shared Hosting, Cloud Hosting and VPS Hosting providers use additional measures and deploy state-of-the-art infrastructure to reduce these vulnerabilities. Servers hold credentials, user information and, in the case of some e-commerce websites, your bank and credit/debit card details. Hence, you also have to make sure that you use additional security measures in the form of security tools.