As you may have learned by now, a very serious vulnerability has been discovered in the OpenSSL 1.0.1 library. It can allow an external attacker to extract segments of memory from a remote system without leaving any traces. That memory could contain vital security information, including private keys. Given how widely the impacted library is used, this vulnerability has the potential to affect numerous online services, networks and systems.

Given the potential impact of this vulnerability, Zensar strongly recommends that all services that may use OpenSSL be checked to determine potential impact. To assist in this effort, there are several assessment tools that can check for this and other known SSL vulnerabilities. Zensar recommends using the Qualys® SSL Labs site to determine potential exposure to the HeartBleed bug. The site can be accessed at https://www.ssllabs.com/ssltest/

Additionally, here is a list of helpful links to releases that some of our partners have issued concerning this vulnerability:

Aruba: http://www.arubanetworks.com/support/alerts/aid-040814.asc

Blue Coat: http://www.bluecoat.com/security-blog/2014-04-08/widespread-heartbleed-bug-affects-ssl-servers

Check Point: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173 and http://www.checkpoint.com/defense/advisories/public/2014/cpai-09-apr.html

ForeScout: http://www.forescout.com/support2/faq/

Extreme Networks: http://learn.extremenetworks.com/rs/extreme/images/CERT_VU%23720951_Vulnerability_Advisory_04_11_2014v2.pdf

Riverbed: http://www.riverbed.com/search/?keywords=Heartbleed&isSearch=true&checkKeywords=true

Zensar will continue to update this helpful list of links related to the HeartBleed vulnerability as soon as information becomes available. In the meantime, please do not hesitate to contact me at p.zanella@zensar.com or call 1-866-425-4242.

Patrick Zanella

AVP / Security, Compliance and Product Practice Head, Zensar Technologies

Twitter ID: @patzanella


Posted by Patrick Zanella
