Is there any other mitigation measures other than the usual 3 patchings below for Meltdown & Spectre?
3 steps approach (physical servers) :
- A registry key has to be applied (manually, via GPO, SCCM or via AV program)
- A patch from Microsoft has to be applied
- A BIOS/firmware update has to be executed
We are concerned with the performance impact : I heard it's the BIOS/firmware update that will cause performance impact.
Fair to say that only servers in DMZ (directly facing Internet) runs much higher risk of data leakage/loss compared to
servers (in internal/backend zone) that have no Internet connectivity?
Anyone know if McAfee NIDS (Network IPS) appliance has signature to mitigate or DLP (we have Codegreen
network DLP appliance) can help prevent such data loss/leakage?