Hardware Security – Best Practices and where to find the right information

With the publication of the Spectre and Meltdown vulnerabilities last year the new class of hardware security threads has been discovered. Everyone needs to protect against them. For Linux and System Z the most important best practice is to stay current. Install all the recommended security fixes for System Z, z/VM, z/OS and Linux.

But where to find the right security information? Here is what I recommend to check if you are using the respective product:

• System Z, z/VM, z/OS:
  • IBM System Integrity – IBM Z
  • register here for the IBM Z security portal
  • subscribe in the portal to notifications for all hardware and software products used
• Red Hat
  • Product Security Overview
  • Advisories
  • subscribe to notifications
  • Vulnerability Responses – high prio patches
  • Security Blog
• SUSE
  • Security Overview
  • Security Updates
  • Security Notification (mailing list)
• Ubuntu
  • Security Overview
  • Security Updates
  • Security Notifications (mailing list)

Now that you know where you can get the information, you can implement the best practices. They do apply for hardware security as well as for software security.

1. Establish a security focal point. I’ve been back in security now since Spectre / Meltdown and staying up to date with respect to all the vulnerabilities requires time and focus.
2. Subscribe to security notifications for all your products
3. Evaluate your exposure. There are big differences between systems directly attached to the Internet, Intranet systems and systems under tight control.
4. Plan for upgrades across the whole stack including the firmware.
   • regular upgrades
   • emergency upgrades