With the publication of the Spectre and Meltdown vulnerabilities last year the new class of hardware security threads has been discovered. Everyone needs to protect against them. For Linux and System Z the most important best practice is to stay current. Install all the recommended security fixes for System Z, z/VM, z/OS and Linux.
But where to find the right security information? Here is what I recommend to check if you are using the respective product:
- System Z, z/VM, z/OS:
- Red Hat
Now that you know where you can get the information, you can implement the best practices. They do apply for hardware security as well as for software security.
- Establish a security focal point. I’ve been back in security now since Spectre / Meltdown and staying up to date with respect to all the vulnerabilities requires time and focus.
- Subscribe to security notifications for all your products
- Evaluate your exposure. There are big differences between systems directly attached to the Internet, Intranet systems and systems under tight control.
- Plan for upgrades across the whole stack including the firmware.
- regular upgrades
- emergency upgrades