• livemarks

info@qualityplusconsulting.com l +1 262-553-6510

QPC podcasts have moved

Please forgive our old content here while we reorganize and redo our old website.

All new QPC podcasts are hosted on a more convenient platform for all of us.

Please visit https://qpcsecurity.podbean.com where you can use the Podbean mobile app, stream directly from the site, and sign up for the RSS feed.

Breakfast Bytes - 2018 Security Predictions - Meltdown and Spectre Fix HowTo

1/19/2018 - Originally published 1/3/2018 to cover Meltdown and Spectre vulnerabilities

2/2/2018 - Meltdown/Spectre bug fix how-to

 

 

Security Predictions for 2018 - Spectre/Meltdown Fix How To

Trend Micro - Security Predictions for 2018

The latest security updates require manual checking and modification prior to being allowed

MP3 - 2018 Security Predictions

A full show on the details of how to install the Spectre and Meltdown bug fixes

MP3 - Spectre / Meltdown Mitigation Recap

 

 
 

Summary

  • 2018 Security Predictions
  • Meltdown and Spectre CPU - Kernel security vulnerabilities
  • Why you must have a relationship with a consultant that is dedicated to staying up-to-date on security and maintenance issues
  • Endpoint security product potential compatibility problems with security patches
  • Why on-premise security management servers are not the best option for most orgs anymore
  • Don't get misled to buying non-OEM transceivers unless you are willing to take the support risk
  • Full description of what you need to do in order to patch and mitigate Meltdown / Spectre
 

1/3/2018 critical security patch - will only install after manual action (Meltdown/Spectre)

As of 1/3/2018, a new critical flaw patch was released addressing CPU security vulnerabilities.
https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

Manual action is required due to compatibility checking, or these updates will not be installed.

https://success.trendmicro.com/solution/1119183https://success.trendmicro.com/solution/1119183
 

2018 Trend Micro Security Predictions

https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2018
 

The risk of using non-OEM transceivers

Don't get sucked into the idea that you can actually save money buying non-OEM transceivers.

You will find yourself without manufacturer support for your networking solution.

Integra Optics claims that it is a scam. While you may be able to get by with non-OEM transceivers in a lab, I would not use them in a production environment. If your networking solution does not have support, you have a brick.

https://www.networkcomputing.com/networking/gartner-dont-fall-network-transceiver-scam/2000367017
 

FBI is barking for encryption backdoors - again

https://www.thenewamerican.com/tech/computers/item/27946-new-fbi-director-hints-at-backdoors-for-encryption

Trend Micro Worry-Free Business Security Services has added DLP and anti-exploit protection features in their latest client update.
Linkedin