Hopefully everyone knows or has at least heard about the Heartbleed Bug, but if not, this blog is for you. Heartbleed is a serious flaw located deep inside the OpenSSL package, which is used by a number of operating systems and applications, and it has been in the public domain for around two years.
There is an upside to this: not every website and system is exposed to this flaw. Only systems which use OpenSSL are vulnerable, such as various BSD, CentOS and other UNIX variants, not to mention Virtual Private Network (VPN) applications and some mobile devices.
Now that the bug in OpenSSL has been exposed, a clean-up operation is necessary to ensure that the vulnerability is removed. Unfortunately, it’s not as simple as making users change their passwords. Companies need to review their systems and, where appropriate, renew and update their OpenSSL X.509 security certificates.
The OpenSSL issue has highlighted that companies need to make sure they keep all their systems up to date at regular intervals and that passwords are not common across devices. In addition, intrusion detection and prevention tools (IPS/IDS) can be implemented to help detect and protect against attempts to exploit this bug.
One of the best sites to find out whether you are vulnerable or not is: https://www.ssllabs.com.
More information regarding the Heartbleed Bug can be found here: http://heartbleed.com.
If you still aren’t sure whether you are fully protected or not, you should enquire about a network security vulnerability assessment across your infrastructure. This will give you the added peace of mind that you are secure. TeraByte IT can provide this service to you at a reasonable price.