L1 Terminal Fault

L1TF – L1 Terminal Fault Attack

Summary

Epicor Eclipse is aware of the Terminal Fault Attack vulnerabilities that affect Intel microprocessors. Unprivileged attackers can use this flaw to bypass memory security restrictions and gain access to data stored in memory that would otherwise be inaccessible.

Because it’s a vulnerability in the CPU hardware implementations, not a bug in the Eclipse application program, there is no “patch” from Eclipse.

We recommend that customers check with their hardware and Operating System (OS) vendors for applicable patches as the solution for Terminal Fault Attack.

Epicor’s Response

  • Apply the firmware update via BIOS update
  • Apply the operating system (RHEL & Windows) patch
  • Apply hypervisor patches where applicable

Recommended Customer Actions

We recommend that customers open a service request with the Eclipse Systems support team and deploy patches on their platform and underlying infrastructure on a mutually agreed schedule.

Frequently Asked Questions

Q: How do I patch my system?
A: Install Red Hat updates.
A: Install Dell Firmware Update.

How do I Choose a Strong Password?

Best Practice for Creating Strong Passwords

Do Not Do the Following:

  • Never use only numbers or words in a password.
  • Do Not Use Recognizable Words
  • Do Not Use Words in Foreign Languages
  • Do Not Use Personal Information (If the attacker knows your identity, the task of deducing your password becomes easier.)
  • Do Not Invert Recognizable Words (Good password checkers always reverse common words, so inverting a bad password does not make it any more secure.)

Do the Following:

  • Make the Password At Least Eight Characters Long
  • Mix Upper and Lower Case Letters
  • Include Non-Alphanumeric Characters
  • Pick a Password You Can Remember

Meltdown and Spectre Vulnerabilities

Summary

Epicor Eclipse is aware of the Meltdown and Spectre vulnerabilities affecting many modern microprocessors, including Intel, AMD, POWER and ARM chips, that could allow hackers to access a computer’s memory and steal passwords, encryption keys and other private information from open applications.

Because it’s a vulnerability in the CPU hardware implementations, not a bug in the Eclipse application program, there is no “patch” from Eclipse.

We recommend that customers check with their hardware and Operating System (OS) vendors for applicable patches as the solution for Meltdown and Spectre.

Epicor’s Response

  • Apply the firmware update via BIOS update
  • Apply the operating system (RHEL, Windows and AIX) patch
  • Apply hypervisor patches where applicable

Recommended Customer Actions

We recommend that customers open a service request with the Eclipse Systems support team and deploy patches on their platform and underlying infrastructure on a mutually agreed schedule.

Frequently Asked Questions

Q: How do I patch my system?
A: Install Red Hat updates.
A: Install Dell Firmware Update.

Q: Will these fixes slow down my server?
A: Yes, there is a performance impact caused by the additional overhead required for security hardening, but the actual performance degradation that customers see may vary considerably based on the nature of their workload, hardware configuration and system constraints.

Q: Can I disable these fixes?
A: Yes, you can disable the kernel patches if you feel confident that your systems are well protected by other means. Please see this article from Red Hat for step-by-step instructions.
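
Whether the operating system patches are active on a Linux (RHEL) host can be checked from the status the kernel reports under /sys/devices/system/cpu/vulnerabilities. The script below is an added example, not part of the original advisory and not Epicor or Red Hat tooling; the function names are hypothetical and the sample status lines are constructed for the demo.

```shell
#!/bin/sh
# Added example: classify the kernel's reported mitigation status for the
# CPU flaws named on this page (L1TF, Meltdown, Spectre v1/v2).
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT: map one sysfs status line to a verdict.
# PARTIAL covers lines such as L1TF with SMT enabled, where a mitigation
# is active but the kernel still flags one component as vulnerable.
classify_status() {
    case "$1" in
        "Not affected"*)            echo NOT_AFFECTED ;;
        Vulnerable*)                echo VULNERABLE ;;
        Mitigation:*[Vv]ulnerable*) echo PARTIAL ;;
        Mitigation:*)               echo MITIGATED ;;
        *)                          echo UNKNOWN ;;
    esac
}

# report_cpu_vulns [DIR]: print one line per flaw; return 1 if any flaw is
# not fully mitigated (including a missing entry, which means the running
# kernel does not report on that flaw at all).
report_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for flaw in l1tf meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$flaw" ]; then
            text=$(cat "$dir/$flaw")
            verdict=$(classify_status "$text")
        else
            text="(no sysfs entry for this flaw)"
            verdict=UNKNOWN
        fi
        printf '%-10s %-12s %s\n' "$flaw" "$verdict" "$text"
        case "$verdict" in
            VULNERABLE|PARTIAL|UNKNOWN) rc=1 ;;
        esac
    done
    return "$rc"
}

# Demo on constructed sample data (not output captured from a real host).
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
echo 'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable' > "$sample/l1tf"
echo 'Mitigation: PTI' > "$sample/meltdown"
echo 'Vulnerable: Retpoline without IBPB' > "$sample/spectre_v2"
report_cpu_vulns "$sample" || echo "action needed: at least one flaw is not fully mitigated"
```

Calling `report_cpu_vulns` with no argument reads the live host; a non-zero return after patching, or after the kernel fixes have been disabled, shows which flaw is still exposed.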

References:

Best practices for securing the Eclipse database server

  • Don’t allow direct access to the Linux server from the public Internet
  • Don’t use a weak root password
  • Disable root remote Login
  • Don’t allow Eclipse users to use blank passwords – Enforce Stronger Passwords
  • Disable Unwanted Services
  • Enable Firewall
  • Keep your system up-to-date by installing updates (e.g. operating system, software, and firmware updates) and rebooting on a monthly basis.
  • Monitor Server Logs Regularly