How to Detect the Heartbleed Vulnerability with AlienVault USM
Upcoming SlideShare
Loading in...5
×
 

How to Detect the Heartbleed Vulnerability with AlienVault USM

on

  • 802 views

Heartbleed is not an exploit you want to ignore as an IT professional. It exposes passwords and cryptographic keys, and can be used to steal not only user credentials, but also elements of the ...

Heartbleed is not an exploit you want to ignore as an IT professional. It exposes passwords and cryptographic keys, and can be used to steal not only user credentials, but also elements of the application's source code and any information that is in the server's memory. It is critical to understand which of your systems is vulnerable to the Heartbleed exploit and take fast action to protect your systems.
Watch this on-demand demo to learn more about Heartbleed and see how AlienVault USM helps you:
Identify vulnerable systems
Detect attack attempts
Identify & investigate successful attacks

Statistics

Views

Total Views
802
Views on SlideShare
802
Embed Views
0

Actions

Likes
0
Downloads
14
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

How to Detect the Heartbleed Vulnerability with AlienVault USM How to Detect the Heartbleed Vulnerability with AlienVault USM Presentation Transcript

  • LIVE PRODUCT DEMO Special Session: How to Detect the HeartBleed Vulnerability using AlienVault USM
  • A Brief Overview WHAT IS THE HEARTBLEED BUG? Specifically, A bug in the heartbeat mechanism within OpenSSL Attackers could potentially use leaked cryptographic keys to decrypt secured SSL sessions Sensitive information such as cryptographic keys used to secure SSL sessions may be disclosed IT IS A VULNERABILITY IN OPENSSL DISCLOSED INFORMATION CAN LEAD TO ADDITIONAL ATTACKS CAN BE USED TO ILLICIT INFORMATION LEAKAGE/DISCLOSURE
  • WHY IS THE HEARTBLEED BUG SIGNIFICANT? Specifically, applications such as web servers, mobile application servers, etc. that make the Internet what it is today. Cisco has advised that their Nexus 1000v and 4000 series switches are vulnerable That includes mail servers, proxy servers, load balancers and lots more. OPENSSL PROVIDES CRYPTOGRAPHIC SERVICES TO LOTS OF NETWORKED APPLICATIONS NETWORK INFRASTRUCTURE DEVICES MAY BE VULNERABLE AS WELL ANY APPLICATION USING OPENSSL FOR CRYPTOGRAPHIC SERVICES MAY BE VULNERABLE
  • WHAT IS THE IMPACT IF EXPLOITED? vulnerable system’s memory in 64 kilobyte chunks completely circumvent the security services provided by OpenSSL user passwords to data being transmitted by the applications relying on OpenSSL AN UNAUTHENTICATED, REMOTE ATTACKER CAN RETRIEVE CONTENTS OF A WITH THE RIGHT SET OF CIRCUMSTANCES AND A BIT OF EFFORT AN ATTACKER CAN DISCLOSED/LEAKED INFORMATION CAN RANGE FROM CRYPTOGRAPHIC KEYS TO
  • HOW DOES THE ATTACK WORK? explains it quite well actually xkcd.com/1354/ THIS COMIC FROM XKCD.COM CREDIT:
  • Vulnerability and attack detection HOW IT CAN BE DETECTED The Heartbleed bug can be detected through remote vulnerability scanning – CVE ID: CVE- 2014-0160 Correlation can be used to differentiate between attack attempts and attacks that are successful. An attacker’s request and a vulnerable server’s response can be detected by monitoring the network. Note that vulnerable applications will not log attempts to exploit this vulnerability. Network intrusion detection is the only effective method for detecting this type of attack. USE A VULNERABILITY SCANNER TO FIND VULNERABLE SYSTEMS USE CORRELATION TO IDENTIFY SUCCESSFUL ATTACKS USE A NETWORK INTRUSION DETECTION SYSTEM TO MONITOR NETWORKS
  • HOW DO YOU FIX IT? www.openssl.org/source/ USE VULNERABILITY SCANNING TO IDENTIFY VULNERABLE SYSTEMS AND APPLY THE PATCH SOME VENDORS, NETWORK DEVICE VENDORS IN PARTICULAR MAY NEED TO PUBLISH THEIR OWN UPDATES/PATCHES OPENSSL HAS RELEASED A PATCH THAT IS AVAILABLE HERE:
  • NOW FOR SOME Q&A… Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Interactive Demo Site http://www.alienvault.com/live-demo-site Questions? hello@alienvault.com