Re: [j-nsp] [c-nsp] Meltdown and Spectre
Hello.

Info from Juniper:
https://forums.juniper.net/t5/Security-Now/Meltdown-amp-Spectre-Modern-CPU-vulnerabilities/ba-p/317254#

On Sat, 6 Jan 2018 at 19:51, Sebastian Becker wrote:

> Same here. Users that have access are implicitly trusted. So no need for
> panic.
>
> —
> Sebastian Becker
> s...@lab.dtag.de
>
> > On 06.01.2018 at 12:58, Gert Doering wrote:
> >
> > Hi,
> >
> > On Sat, Jan 06, 2018 at 12:04:22PM +0100, james list wrote:
> >> For CVE related to Meltdown and Spectre I'm wondering to know what are you
> >> doing or going to do on your networking gears?
> >
> > "Nothing"...
> >
> > My networking gear does not execute external code (like, JavaScript),
> > so the question "will untrusted external code be able to read secrets
> > it should not see" is not overly relevant.
> >
> > Now, for those newfangled stuff where vendors think that you MUST HAVE
> > VIRTUALIZATION! on the control plane, so YOU CAN RUN STUFF THERE!!! -
> > we do not have any of those (yet), but if we had, we'd ask them for
> > hypervisor patches...
> >
> > gert
> >
> > --
> > now what should I write here...
> >
> > Gert Doering - Munich, Germany
> > g...@greenie.muc.de

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] [c-nsp] Meltdown and Spectre
Same here. Users that have access are implicitly trusted. So no need for panic.

—
Sebastian Becker
s...@lab.dtag.de

> On 06.01.2018 at 12:58, Gert Doering wrote:
>
> Hi,
>
> On Sat, Jan 06, 2018 at 12:04:22PM +0100, james list wrote:
>> For CVE related to Meltdown and Spectre I'm wondering to know what are you
>> doing or going to do on your networking gears?
>
> "Nothing"...
>
> My networking gear does not execute external code (like, JavaScript),
> so the question "will untrusted external code be able to read secrets
> it should not see" is not overly relevant.
>
> Now, for those newfangled stuff where vendors think that you MUST HAVE
> VIRTUALIZATION! on the control plane, so YOU CAN RUN STUFF THERE!!! -
> we do not have any of those (yet), but if we had, we'd ask them for
> hypervisor patches...
>
> gert
>
> --
> now what should I write here...
>
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
Re: [j-nsp] [c-nsp] Meltdown and Spectre
Hi,

On Sat, Jan 06, 2018 at 12:04:22PM +0100, james list wrote:
> For CVE related to Meltdown and Spectre I'm wondering to know what are you
> doing or going to do on your networking gears?

"Nothing"...

My networking gear does not execute external code (like, JavaScript),
so the question "will untrusted external code be able to read secrets
it should not see" is not overly relevant.

Now, for those newfangled stuff where vendors think that you MUST HAVE
VIRTUALIZATION! on the control plane, so YOU CAN RUN STUFF THERE!!! -
we do not have any of those (yet), but if we had, we'd ask them for
hypervisor patches...

gert

--
now what should I write here...

Gert Doering - Munich, Germany
g...@greenie.muc.de
[j-nsp] Juniper MX w/ macSEC
Hello,

Does anybody have experience of using macSEC on Juniper MX240 with RE-S-1800x4-32G and 10G linecards? Is there a big performance/latency hit to be expected when pushing 10-20G?

With thanks,
Alex
Re: [j-nsp] Meltdown and Spectre
Hello,

Cisco has an official advisory for that...

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
https://kb.juniper.net/InfoCenter/index?page=content=JSA10842=SIRT_1=LIST

In general, if you have properly protected control plane of your device (see RFC 6192 for recommendations), there's no reason for panic. You must wait for vendor's updates... and it's a complex issue, there's no simple fix (current fixes available in Linux for example aren't covering all CVEs yet).

With regards,
Daniel

On 01/06/2018 12:04 PM, james list wrote:
> Dear all,
> For CVE related to Meltdown and Spectre I'm wondering to know what are you
> doing or going to do on your networking gears?
>
> I'm struggling to understand something from vendors but I'd like to hear
> from people in the pitch.
>
> Cheers
> James
[j-nsp] Meltdown and Spectre
Dear all,

For CVE related to Meltdown and Spectre I'm wondering to know what are you doing or going to do on your networking gears?

I'm struggling to understand something from vendors but I'd like to hear from people in the pitch.

Cheers
James