Meltdown and Spectre: Security advice and recommended precautions for SINA

SINA systems also include processors affected by the recently identified security flaws (Meltdown, Spectre). However, unlike standard Windows or Linux platforms, the SINA system architecture makes it difficult to exploit these flaws.

The German Federal Office for Information Security (BSI) and secunet are collaborating closely to analyse the security flaws and possible impacts on SINA. Although this analysis is not yet complete because of the complexity of the Spectre attack, we would like to inform you of our current assessment nonetheless. In particular, the BSI and secunet recommend that you take organizational precautions to reduce risks until our analysis of the security flaws is complete.

Based on our current knowledge, SINA boxes of all levels and versions are not at any significant risk from Meltdown and Spectre.

SINA Workstation E/H and SINA Thin Client E/H

In order to minimise risks, the BSI and secunet recommend discontinuing the *parallel* use of sessions (also referred to as guest systems or guests) on SECRET and CONFIDENTIAL systems for the time being (until secunet and the BSI have completed their analyses). In other words, sessions should only be started one at a time.

If you wish to start different sessions sequentially (i.e. one after another) on the same device, we recommend taking the following precautions:

•    Deactivate the auto-starting of sessions if your auto-start settings cause multiple sessions to be started in parallel.

•    When you “hibernate” a session (suspend to disk), information may remain in the temporary memory of the SINA system. In order to minimise the risk of a Meltdown/Spectre attack, we strongly advise against simply suspending the session when switching between different sessions, and instead recommend that you shut down the SINA Workstation or the SINA Thin Client completely before starting any new session. Please wait a few seconds between shutting down and restarting the system to be sure that temporary memory spaces no longer contain any information.

The BSI and secunet recommend that you implement these precautions as quickly as possible.

SINA Workstation S and SINA Thin Client S

When operating SINA Workstation S/SINA Thin Client S systems, the risk can be reduced by taking the same measures as for E or H systems. However, the lower classification level of the data being processed means that there is no urgent need for action.

As always, please observe the security advice from the BSI with regard to your SINA sessions; this is being continually updated as part of the Meltdown/Spectre analyses. As a general rule, the BSI always recommends keeping the entire IT infrastructure updated, including SINA systems and sessions, and applying any patches that become available as quickly as possible.

Any new findings arising from the analyses being conducted by the BSI and secunet will be communicated immediately through the usual channel. To this end, please ensure that you have provided secunet with the correct details for your current security information contact and that any SINA security information has been forwarded to the correct addressees within your office, including in cases of absence. If necessary, please send the current contact details of your security contact to