L1 Terminal Fault

L1TF – L1 Terminal Fault Attack

Summary

Epicor Eclipse is aware of the Terminal Fault Attack vulnerabilities that affect Intel microprocessors. Unprivileged attackers can use this flaw to bypass memory security restrictions and gain access to data stored in memory that would otherwise be inaccessible.

Because it’s a vulnerability in the CPU hardware implementations, not a bug in the Eclipse application program, there is no “patch” from Eclipse.

We recommend that customers check with their hardware and Operating System (OS) vendors for applicable patches as the solution for Terminal Fault Attack.

Epicor’s Response

  • Apply the firmware update via BIOS update
  • Apply the operating system (RHEL & Windows) patch
  • Apply hypervisor patches where applicable

Recommended Customer Actions

We recommend that customers open a service request with the Eclipse Systems support team and deploy patches on their platform and underlying infrastructure on a mutually agreed schedule.

Frequently Asked Questions

Q: How do I patch my system?
A: Install Red Hat updates.
A: Install Dell Firmware Update.
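
One way to confirm the result on a Red Hat host once the updates and firmware are installed. This is an added example, not Epicor or Red Hat tooling; it assumes a Linux kernel that reports L1TF status at the standard sysfs path /sys/devices/system/cpu/vulnerabilities/l1tf, and the function names and state labels are made up for this illustration.

```shell
#!/bin/sh
# Added example: read the kernel's L1TF report and classify it.
L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# classify_l1tf STATUS
# Prints: not-affected | mitigated | partial | vulnerable | unknown
classify_l1tf() {
    case $1 in
        "Not affected") echo not-affected ;;
        Vulnerable*)    echo vulnerable ;;
        "Mitigation: PTE Inversion"*)
            # PTE inversion covers unprivileged host processes. The "VMX:"
            # suffix is present only when KVM is loaded; it says whether a
            # guest can still read L1D data (no flush on VM entry, or SMT
            # siblings sharing the L1D cache).
            case $1 in
                *"VMX: vulnerable"*|*"SMT vulnerable"*) echo partial ;;
                *) echo mitigated ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# check_l1tf [FILE]
# Exit status: 0 = nothing to do, 1 = follow up, 2 = kernel has no L1TF report.
check_l1tf() {
    l1tf_file=${1:-$L1TF_SYSFS}
    if [ ! -r "$l1tf_file" ]; then
        echo no-sysfs-entry   # kernel has no L1TF reporting (updates missing)
        return 2
    fi
    l1tf_state=$(classify_l1tf "$(cat "$l1tf_file")")
    echo "$l1tf_state"
    case $l1tf_state in
        not-affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample lines in the kernel's format (not captured from a host).
l1tf_demo() {
    for sample in \
        "Not affected" \
        "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable" \
        "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled" \
        "Vulnerable"
    do
        printf '%-12s <- %s\n' "$(classify_l1tf "$sample")" "$sample"
    done
}
```

Run `check_l1tf` with no argument on each host; `partial` means the host kernel mitigation is active but the KVM fields still report exposure to guests.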

How do I Choose a Strong Password?

Best Practice for Creating Strong Passwords

Do Not Do the Following:

  • Never use only numbers or words in a password.
  • Do Not Use Recognizable Words
  • Do Not Use Words in Foreign Languages
  • Do Not Use Personal Information (If the attacker knows your identity, the task of deducing your password becomes easier.)
  • Do Not Invert Recognizable Words (Good password checkers always reverse common words, so inverting a bad password does not make it any more secure.)

Do the Following:

  • Make the Password At Least Eight Characters Long
  • Mix Upper and Lower Case Letters
  • Include Non-Alphanumeric Characters
  • Pick a Password You Can Remember

Eclipse Database Replication

UniVerse Database Replication

 

Eclipse HA

Data replication frequency: typically “real time”
Time to recovery: typically a few minutes

Eclipse customers that want “real time” replication can use UniVerse’s native replication functionality. The software is configured to capture writes to the database and replicate them to a secondary server while preserving the integrity of the database. Recovery is also quick, since the Eclipse software is already up and running on the secondary server. This solution is implemented and supported directly by the database vendor, Rocket Software, so please contact your account manager for more details.

How do I set the IP address on my Digi PortServer server?

NOTE: these steps must be performed on the same LAN as the device.

  • Record the MAC address of the Digi device (located on the label side (bottom) of the unit)
  • Manually add an entry to the workstation’s ARP table using one of the commands below, substituting the new Digi’s IP address and MAC address:
    arp -s 192.168.2.2 00-00-9d-22-23-60
    arp -s 192.168.2.2 00009d222360
  • Ping the Digi device using the IP address just assigned:
    ping 192.168.2.2
  • When the Digi begins responding to pings, enter the IP address into a web browser and log in (user/pass root/dbps) to set the default gateway and subnet mask
  • Add the Digi device IP address to the /etc/hosts file
    vi /etc/hosts
    192.168.2.2 digi
  • Notify Eclipse that the Digi is online by updating your service request online with the Digi IP address
  • Eclipse will verify connectivity to the Digi and continue the VSIFAX configuration process