With the well-intentioned release of a security update to OpenSSL on 19 April 2012, it is estimated that up to 60% of the Internet’s secure Web sites were immediately placed under threat once administrators installed this version of the trusted security software. Termed Heartbleed, the flawed update inadvertently allowed hackers to access secure web information on many websites globally.
SSL is also used to secure e-mail and VPN traffic, however, which makes the potential fallout of this update much wider and more damaging than initially thought.
What should you do?
In addition to secure Web sites, e-mail servers and VPN environments, Web-based management consoles were also seriously exposed by Heartbleed. Being 100% certain of where and how Heartbleed may have affected your network security is only possible by way of a thorough vulnerability assessment.
A comprehensive vulnerability scan will quickly point out weaknesses and areas in your network security where Heartbleed will have provided opportunities for hackers to access your secure data. A vulnerability scan will also, however, assess your network from a more holistic perspective – pointing out unrelated vulnerabilities that may have been present for months or years.
Vulnerability scans go beyond Heartbleed
When undertaking a scan of this nature it is thus important to view the results in context – in order to avoid unnecessary panic over the state of your network’s security. Priority should be given to Heartbleed-related vulnerabilities and any others that constitute immediate threats to your data. The assessment should point these out in order of priority so that you are able to make an informed and balanced decision with regard to your approach to remedying any problems that have been uncovered.
Is Heartbleed still a threat?
While most software companies – including the SSL community – have issued updates that address the Heartbleed vulnerability, ensuring that you have installed each of these and not missed a single application on your network can be a confusing and mind-boggling task.
This responsibility is made easier to deal with by engaging the services of security specialists who know and understand the workings and outcomes of the Heartbleed outbreak.
In the event that you have diligently applied all patches and upgrades to all software platforms on your network, Heartbleed should be of little concern to you. Rumours that a similar vulnerability may have been present since November 2013 are cause for concern, however, and while it is questionable whether you should react to such an assertion, a vulnerability scan will address weaknesses in your network, ultimately providing protection that extends beyond the scope of Heartbleed and affording you additional peace of mind in this regard.
Nclose’s advanced vulnerability managed service offers scans of this nature as part of a comprehensive package that ensures your network’s security in the short and longer term.
Consult your network security provider for peace of mind
If you are uncertain about your network’s security in the wake of Heartbleed, your network security provider is well versed in the best approach for your environment. A short conversation will put you at ease with regard to the level of exposure that you may or may not have experienced, and the best way in which to go about assessing and remedying it.