
3 Tips to Quickly Address the Notorious Heartbleed Bug

The Heartbleed bug is a vulnerability that compromises Internet applications such as Web, email, and instant-message communication. However, recent revelations indicate that there is more to this threat: Heartbleed has also been found to affect connected devices that rely on the OpenSSL encryption library, including network hardware like routers and switches. Networking vendors such as Cisco, Juniper Networks, F5 Networks, and Fortigate have all issued security alerts indicating this risk.

OpenSSL is a software library that encrypts and decrypts data under SSL (Secure Sockets Layer) or TLS (Transport Layer Security) technology. OpenSSL 1.0.1 before 1.0.1g does not properly handle Heartbeat extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read. This information can include private keys, usernames and passwords, or encrypted traffic. This creates a huge vulnerability that allows hackers to infiltrate any large network.

Heartbleed Remediation in Your Network

OpenSSL is a widely used implementation of SSL, so it is difficult to fully remediate. However, your immediate action should be to update to the fixed version, i.e. 1.0.1g or newer.

To remediate Heartbleed in 3 simple steps:

  1. Change passwords for all devices (before & after patching, to be absolutely sure that no attacker sneaks in...)
  2. Patch your network operating system for all perimeter hosts
  3. Purge bad OpenSSL versions from your entire infrastructure
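
To support steps 2 and 3, the following added example (not part of the original post and not SolarWinds code) triages OpenSSL version banners collected from devices against the affected range given above, 1.0.1 before 1.0.1g. The hostnames, sample banners, status labels, and the function names `classify` and `triage` are assumptions made for illustration.

```python
import re

# Matches the version token in `openssl version` style banners,
# e.g. "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.1e-fips 11 Feb 2013".
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-[\w.]+)?", re.I)


def classify(banner):
    """Return 'vulnerable', 'fixed', 'not-in-range', 'review' or 'unknown'."""
    m = _BANNER.search(banner)
    if not m:
        return "unknown"  # no parseable version: check the device by hand
    branch = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4).lower()
    tag = (m.group(5) or "").lower()
    if any(word in tag for word in ("beta", "pre", "dev")):
        return "review"  # pre-release build: confirm with the vendor
    if branch != (1, 0, 1):
        return "not-in-range"  # outside the 1.0.1 branch named in the article
    # 1.0.1 (no letter) through 1.0.1f predate the 1.0.1g fix.
    return "vulnerable" if letter < "g" else "fixed"


def triage(inventory):
    """Map each status to the sorted list of hosts reporting it."""
    report = {}
    for host, banner in inventory.items():
        report.setdefault(classify(banner), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "edge-rtr-01": "OpenSSL 1.0.1e 11 Feb 2013",
    "vpn-gw-02": "OpenSSL 1.0.1g 7 Apr 2014",
    "nas-home": "OpenSSL 1.0.1 14 Mar 2012",
    "legacy-sw-07": "OpenSSL 0.9.8y 5 Feb 2013",
    "lab-lb-03": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "printer-12": "no banner returned",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status:13} {', '.join(hosts)}")
```

Treat the result as a first-pass patch list only: vendor and distribution builds can carry the fix under an older version string, so confirm each "vulnerable" or "review" host against the vendor's advisory.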

It’s important to contact the vendors of your devices that connect to the Internet. You need to find out whether those devices rely on OpenSSL and ask if there is a patch available. In addition, refrain from using any affected applications or devices, and apply any updates as soon as possible.

Junos OS affected by OpenSSL "Heartbleed" issue – Juniper


Cisco has also released a list of affected and vulnerable products.

For a network with 100s to 1000s of devices, it’s no small task to push network OS and firmware updates/patches in bulk. Using an automated tool to quickly take action and apply software fixes on all devices in the network will definitely save the network admin time and enable quicker turn-around times (TATs) to address sudden vulnerabilities such as Heartbleed.

Also, note that most vendors are working on providing fixed versions of code for their products. So, patching your devices with new updates should be on your to-do list for quite some time.

Note for SolarWinds customers: Please take a look at this table to check the Heartbleed vulnerability against the product(s) you use.

Quick tip: Click here to download IOS upgrade templates from thwack. Just type 'upgrade' in the 'filter by tag' box.


5 Comments
MVP

Wouldn't you want to change your passwords as the last step, after you've closed this vuln?

Level 12

I agree... Michael Stump. You should change your passwords after the vuln. Everyone that has not been affected by the Heartbleed virus yet should change their passwords regularly... let's say weekly. Avoid using the same password for multiple email accounts/devices. Narendran Vaideeswaran... Note for SolarWinds customers: Please take a look at this table to check the Heartbleed vulnerability against the product(s) you use.

Level 12

One of the challenges of the Heartbleed clean-up is putting an inventory together of what to patch. As you mention in point two, you should patch operating systems. In today’s Internet-of-everything world, most devices have an operating system. I ran some tests on my home network and I found a NAS system running OpenSSL. This issue is not all about webservers, although they are the first to be targeted by this exploit.

100% agree with your points, but the job of putting an inventory together is not as straightforward as you might think.

Level 10

Yes, you are right. We had to run a series of tests with the Digicert tool on our customers and our network to ensure that we are cleared of the vulnerability.

Level 15

Looks like it was a good listing. Did these tips make a difference?