Virtualization Technology News and Information
Cyber-Attacks Point Up Need for System Optimization

Although modern existence depends to a high degree on the proper and uninterrupted operation of critical infrastructure such as utilities, transportation, or healthcare systems, a new report from Positive Technologies presents evidence that the vast majority of these critical entities remain highly vulnerable to cyber-attacks. The research findings, the result of penetration tests and security audits performed on behalf of industrial companies, show that 73% of tested corporate information systems have insufficient perimeter protection against external attacks.

"The report describes a number of scenarios based on common vulnerabilities of large-scale systems," says James D'Arezzo, CEO, Condusiv Technologies. D'Arezzo, whose company is a world leader in I/O reduction and SQL database performance, adds, "What this really means is that in an age of heightened security threats and challenges, hardware and software providers must continuously release patches and fixes to stay ahead of the curve. These patches tend to degrade performance which then becomes a problem as well." 

Late last year, for example, Windows, Linux, and macOS all received security patches that significantly altered how the system handles virtual memory. In January, it was announced that the patches were designed to deal with two separate families of exploitable flaws, named Meltdown and Spectre. Both attacks take advantage of the fact that all modern processors perform speculative execution, i.e. they guess what is coming and plug it in to save time. Spectre is a general attack based on a range of speculative execution features. Meltdown uses speculative execution to leak kernel data to regular user programs; the patches work by removing shared kernel mapping, which increases security but can also significantly degrade system performance.

A new attack this summer involved a variant of Spectre. The difference is that instead of attempting to read an array element that doesn't exist, it attempts to write an array element that doesn't exist. This attack method can be tremendously powerful, allowing an attacker to execute code of their own choosing and completely compromise a buggy application. A range of software fixes for the problem have been devised. The first is to insert a delay between testing to see if an array element actually exists and then using it. The second is to constrain the array elements so that, for example, any attempt to speculatively access an element is always directed at the first element of the array.
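The two software fixes described above, sketched in C as an added example (not code from the report or from any vendor patch). The names `table`, `index_mask`, `store_fenced` and `store_masked` are hypothetical, and the mask assumes array sizes no larger than half of `SIZE_MAX`.

```c
#include <limits.h>
#include <stddef.h>

#if defined(__x86_64__)
#include <emmintrin.h>
#define SPEC_BARRIER() _mm_lfence() /* x86: later instructions wait for earlier ones */
#else
#define SPEC_BARRIER() ((void)0)    /* placeholder: substitute your CPU's barrier */
#endif

#define TABLE_LEN 16
static unsigned char table[TABLE_LEN]; /* constructed sample buffer */

/* All-ones when index < size, zero otherwise, computed without a branch so
 * there is nothing to mispredict. Assumes size <= SIZE_MAX / 2. */
static size_t index_mask(size_t index, size_t size)
{
    size_t t = ~(index | (size - 1 - index)); /* top bit set only if in range */
    return (size_t)0 - (t >> (sizeof(size_t) * CHAR_BIT - 1));
}

/* Fix 1: a barrier between testing the index and using it. */
int store_fenced(size_t i, unsigned char v)
{
    if (i >= TABLE_LEN)
        return -1;
    SPEC_BARRIER();
    table[i] = v;
    return 0;
}

/* Fix 2: constrain the index; even if the check is speculatively skipped,
 * an out-of-range index collapses to element 0. */
int store_masked(size_t i, unsigned char v)
{
    if (i >= TABLE_LEN)
        return -1;
    i &= index_mask(i, TABLE_LEN);
    table[i] = v;
    return 0;
}

unsigned char peek(size_t i) { return i < TABLE_LEN ? table[i] : 0; }

int main(void)
{
    /* In-range store lands; out-of-range store is rejected. */
    return !(store_masked(3, 0xAA) == 0 && peek(3) == 0xAA && store_fenced(16, 1) == -1);
}
```

A compiler is free to rewrite a hand-written mask, so production code should rely on a vetted primitive such as the Linux kernel's `array_index_nospec()` rather than this sketch.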

"Hacking and cyber-crime aren't going to go away," says Condusiv's D'Arezzo, "and neither are the efforts of hardware and software developers to thwart them. There will continue to be a flood of patches and fixes, which can both degrade performance and, as we've seen with Spectre and Meltdown, create vulnerabilities if the fixes aren't deployed."

Between that and the constant need to process more data more quickly, optimizing performance becomes a constant issue. Condusiv Technologies has more than thirty years of experience in this area, offering software to maintain high performance on Windows-based systems. It can improve a storage and server system's I/O efficiency (the basic determinant of data processing throughput) by 30% to 50% or more, with no additional hardware cost.

Published Monday, July 16, 2018 11:12 AM by David Marshall