Tell Me About The Heartbleed Bug
In this episode of “Ask SWC” Security Team members Tommy Montgomery and Viral Dhimar discuss the Heartbleed bug. Watch our video to learn more about this malicious exploit.
The Heartbleed bug continues to scour the internet malicious exploiting the vulnerable and affecting many popular websites and services. We asked our security expert, Tommy Montgomery, CISSP, ISSMP, CISM, GCFW, C|EH to tell us a little more about Heartbleed and how you can protect your organization.
What exactly is Heartbleed?
The Heartbleed is a vulnerability within certain versions of OpenSSL and it really affects the messages that are sent back and forth between clients and servers that keep SSL connections alive. The problem is a missed boundary check within these messages and what that does is it allows an attacker to send a message requesting more information from the server than they should actually be able to receive. Some of the information they get back from the server contains sensitive information like user names, passwords or session IDs – it’s really bad stuff!
Is Heartbleed as serious as people are saying it is?
It is. It’s one of the most serious vulnerabilities that we have seen in quite some time. That’s because it affects so much of the internet infrastructure and SSL by nature is usually used to protect sensitive information.
Some sources online say Heartbleed is only affecting servers such as Linux servers, is that true?
It’s not just servers that are being affected by Heartbleed, it’s actually clients and servers. That can actually be played in reverse, where the server sends a malicious message back to the client and receives information about its memory. It’s also not just Linux servers, it’s really anything, and it’s the internet of things. Heartbleed can affect routers, webcams, medical devices and anything that runs OpenSSL in a vulnerable version.
How can I protect myself from Heartbleed?
You can actually use some free online tools and websites that allow you check your servers or devices (check out Tommy’s last blog for the tools). The only problem with that is that some of the tools that are out there require a lot of advance knowledge to run, especially if you are testing devices that are inside your network and not out on the perimeter.
How do I find out if I’ve been infected by Heartbleed?
It’s not so much an infection, but you can find out if you are vulnerable. Other things you can do to mitigate this use perimeter protection devices such as IPS’ with released signatures that you can use to actually block these attacks.
How Can SWC Help?
SWC is currently performing Heartbleed detection and remediation for customers. We can scan your entire network and identify vulnerable devices. SWC can also assist in setting up IPS rules to block Heartbleed attacks and can design and implement WAF, IPS, gateway scanner and other mitigating solutions. Finally, SWC can review your current network defenses and identify areas for improvement.
If you have questions about Heartbleed or other threats to your security, please contact SWC today.
Related Past Posts
If you enjoyed this post, please take a moment to read some of our past posts about Security and Managed IT Services:
Heartbleed Is Much Worse Than We Thought
Security Awareness: Tips for Protecting Your Online Identity from Hackers
CryptoLocker Virus Tips – Take Action Now!
The Fundamentals of Cyber Security
Ask SWC: What Are Some Tips To Protect Your Network From Hackers?
SWC Discusses Target Security Breach On Telemundo News Broadcast
SWC Managed Services – A More Strategic Approach to IT