The Heartbleed bug is a vulnerability that’s compromising Internet applications like Web, email, and instant message communication. However, recent revelations indicate that there’s more to this threat. Unravelling the intensity of its potential, Heartbleed has recently been found to also affect connected devices that rely on OpenSSL encryption library, including network hardware like routers and switches. Networking vendors such as Cisco, Juniper Networks, F5 Networks, and Fortigate have all issued security alerts indicating this risk.
OpenSSL is a software that decrypts data encrypted under SSL (Secure Socket Layer) or TLS (Transport Layer Security) technology. OpenSSL 1.0.1 before 1.0.1g does not properly handle Heartbeat extension packets, which allows remote attackers to obtain sensitive information. This information can include private keys, usernames and passwords, or encrypted traffic from process memory via created packets that trigger a buffer over-read. This creates a huge vulnerability that allows hackers to infiltrate any large network.
Heartbleed Remediation in Your Network
OpenSSL, being a widely-used implementation of SSL, is difficult to fully remediate. However, your immediate action should be to update patches with the fixed version, i.e. 1.0.1g or newer.
To remediate Heartbleed in 3 simple steps:
- Change passwords for all devices (before & after patching, to be absolutely sure that no attacker sneaks in...)
- Patch your network operating system for all perimeter hosts
- Purge bad OpenSSL versions from your entire infrastructure
It’s important to contact vendors of your devices that connect to the Internet. You need to find out if those devices rely on OpenSSL and ask if there is a patch available. In addition, refrain from using any affected applications or devices, and apply any updates as soon as possible.
Junos OS affected by OpenSSL "Heartbleed" issue – Juniper
Cisco has also released a list of affected and vulnerable products.
For a network with 100s to 1000s of devices, it’s no small task to push Network OS and firmware updates/patches in bulk. Using an automated tool to quickly take action and apply software fixes on all devices in the network will definitely save the network admin time, and enable quicker TATs (turn-around-time) to address sudden vulnerabilities such as Heartbleed.
Also, note that most vendors are working on providing fixed versions of code for its products. So, patching your devices with new updates should be on your to-do list for a quite some time.
Note for SolarWinds customers: Please take a look at this table to check the Heartbleed vulnerability against the product(s) you use.
Quick tip: Click here to download IOS upgrade templates from thwack. Just type 'upgrade' in the 'filter by tag' box.