What Do the Spectre & Meltdown Attacks Mean for Diamond SIS (Student Information Systems) Customers?

In a previous post from Diamond SIS (Student Information Systems), Meltdown & Spectre: What You Need to Know, we gave an overview of the Spectre and Meltdown attacks and why they are so damaging. These attacks pose the largest threats in cyber security history and have the potential to affect everyone who is using a CPU made after 1995. They could affect almost all desktops, laptops, mobile devices, and similar hardware currently in use.

How Will Diamond SIS Customers be Affected? 

Diamond SIS hosted servers and storage services underwent a planned update Dec. 21st, so much of the risk associated with Spectre and Meltdown was avoided altogether.

For Hosted Clients 

In an alert this week, CEO Jim Queen announced the company was aware of the Spectre and Meltdown vulnerabilities and that the company was diligently working on solutions for clients. Queen stated that hosted customers “run on closed systems, which are less exploitable,” but in an effort to ensure protection of customers, Diamond SIS will apply patches for hosted customers and for hosted instances as an extended function of our current hosting services.  All updates will be handled by the Diamond Managed Security Services team. 

Specifically, the Diamond MSS team will upgrade and patch all Diamond SIS servers by January 14th at 11:59pm (PST), and will coordinate with client schedules to minimize inconvenience and disruption. The estimated “downtime” per client system is about 15 minutes, and the team is collaborating with the Support Staff and Cybersecurity team to identify which client servers require the patch.

For Non-hosted Clients 

Non-hosted customers are a bit more problematic. To ensure that all Diamond SIS clients are protected, the Security team has put together next steps for non-hosted clients. Below are a variety of resources and best practices to mitigate Spectre and Meltdown attacks:

You should first do a threat assessment and technology assessment in order to determine if any of your equipment has been compromised. These assessments will be required by the Department of Education for your 2018 audit anyway, so there’s no duplication of effort or cost. Once your assessments are completed and documented, a plan of remediation can be designed and implemented. The combined efforts of these steps will establish a baseline for all of your technology and software, and allow for future monitoring knowing that you are beginning the year in good shape. 

Next, if you are using a desktop system with an Intel processor, your best option is to apply the KAISER patch from Microsoft. As these attacks have been reported to come via JavaScript, blocking JavaScript execution in your web browser may help protect you as well.

If you are using a desktop system with an AMD processor, there currently are no extra protective measures needed. AMD has been adamant that their products have not been affected and we have no reason to dispute their claims at this time. The Diamond SIS team is actively monitoring the situation and, should anything change, further notification will be sent.

For any non-hosted servers, the latest Windows Update should be applied. See Microsoft Knowledge Base article 4072699 for more information. Make sure to make any necessary configuration changes to enable protection, and apply any applicable firmware updates from the device manufacturer. Keep in mind that system performance may be affected when applying these updates.  
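One way to check the configuration step above on a non-hosted Windows server. This is an added example, not Diamond SIS code; the registry value names come from Microsoft's published Spectre/Meltdown guidance rather than from this post, and the script only reads settings (run it from an elevated PowerShell session).

```powershell
# Added example: read-only audit of the registry settings that gate the
# Spectre/Meltdown mitigations. Registry names are from Microsoft's guidance,
# not from this post.
$mm      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$qc      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$avValue = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'   # antivirus compatibility flag (KB 4072699)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-MitigationBit {
    param($Override, $Mask, [int]$Bit)
    # A mitigation is explicitly enabled when its mask bit is set and its
    # override bit is clear; a set override bit explicitly disables it.
    if ($null -eq $Override -or $null -eq $Mask) { return 'NotConfigured' }
    if (($Mask -band $Bit) -eq 0)                { return 'NotConfigured' }
    if (($Override -band $Bit) -eq 0) { 'Enabled' } else { 'Disabled' }
}

$override = Get-RegValue $mm 'FeatureSettingsOverride'
$mask     = Get-RegValue $mm 'FeatureSettingsOverrideMask'
$os       = Get-CimInstance -ClassName Win32_OperatingSystem
$latest   = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    OSVersion           = $os.Version
    IsServer            = ($os.ProductType -ne 1)       # 1 = workstation
    LatestHotFix        = $latest.HotFixID
    # Without this flag the January 2018 security update is not offered.
    AvCompatFlagSet     = ($null -ne (Get-RegValue $qc $avValue))
    # Bit 0 controls the Spectre variant 2 mitigation, bit 1 the Meltdown one.
    SpectreV2Mitigation = Test-MitigationBit $override $mask 1
    MeltdownMitigation  = Test-MitigationBit $override $mask 2
}
```

A result of `NotConfigured` means the operating system default applies; Microsoft's January 2018 guidance for Windows Server required these values to be set explicitly before the mitigations took effect.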

For more information on DMSS or other questions, please contact Customer Support or go to diamondsis.com/diamondmss. You are also invited to register for our upcoming Cybersecurity webinar on Thursday, January 18th at 12 noon CST by going to:  

Register here for the Cybersecurity webinar on Thursday, January 18, 2018


