    Managing issues with Heartbleed on your network


      I am sure all of you are familiar with Heartbleed by now. If not, there is good info available here and an excellent graphic at this link which explains how it works.


      So the next question is: does it impact you? If you use any online secure service then you can use this tool to check if the service is vulnerable. The next issue you may have is whether systems on your network are running OpenSSL. The critical ones would be public-facing web services. These would need to be checked and updated to OpenSSL 1.0.1g. You should also check if any other systems are running OpenSSL on your network. Anything from NAS systems to management tools can be using OpenSSL. Also, don't assume that the service will be running on TCP port 443; the port can be changed. I put together the short video below which shows one method to check for the presence of SSL/TLS servers on a network using packet analysis.
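      As an added example (not from the original post or the video), the sketch below finds SSL/TLS servers by recognising the ServerHello handshake message in TCP payloads rather than trusting the port number. The function names and sample segments are constructed for illustration, and it assumes TCP payloads have already been extracted from a capture; each host it lists still has to be checked to see whether it runs OpenSSL.

```python
import struct

# TLS record-layer and handshake constants from the TLS specification.
HANDSHAKE, SERVER_HELLO = 0x16, 0x02
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2+"}  # TLS 1.3 reuses 0x0303


def server_hello_version(payload):
    """Return the version name if payload starts with a ServerHello, else None."""
    if len(payload) < 11:
        return None
    ctype, rec_ver, rec_len = struct.unpack("!BHH", payload[:5])
    if ctype != HANDSHAKE or rec_ver not in VERSIONS or not 4 <= rec_len <= 2**14:
        return None
    if payload[5] != SERVER_HELLO:
        return None
    # Smallest legal body: version(2) + random(32) + sid_len(1) + cipher(2) + comp(1)
    if int.from_bytes(payload[6:9], "big") < 38:
        return None
    return VERSIONS.get(struct.unpack("!H", payload[9:11])[0])


def inventory(segments):
    """Map (server_ip, server_port) -> version for every sender of a ServerHello."""
    servers = {}
    for src_ip, src_port, payload in segments:
        version = server_hello_version(payload)
        if version:
            servers[(src_ip, src_port)] = version
    return servers


def _hello(version):
    """Build a minimal ServerHello record (constructed test data, not a capture)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    hs = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, version, len(hs)) + hs


# Constructed sample: (source IP, source port, first TCP payload bytes).
SAMPLE = [
    ("192.0.2.10", 443, _hello(0x0303)),
    ("192.0.2.20", 8443, _hello(0x0301)),  # TLS on a non-standard port
    ("192.0.2.30", 80, b"HTTP/1.1 200 OK\r\nServer: x\r\n\r\n"),
    ("192.0.2.50", 51514, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00\x00"),  # client side
]

if __name__ == "__main__":
    for (ip, port), version in sorted(inventory(SAMPLE).items()):
        print(f"{ip}:{port} speaks {version}")
```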


      If you work in IT then Heartbleed does impact you. Know what it is, get an inventory of what OpenSSL servers exist on your network, and have a plan to update.