Your SlideShare is downloading. ×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

How to Detect the Heartbleed Vulnerability with AlienVault USM

622
views

Published on

Heartbleed is not an exploit you want to ignore as an IT professional. It exposes passwords and cryptographic keys, and can be used to steal not only user credentials, but also elements of the …

Heartbleed is not an exploit you want to ignore as an IT professional. It exposes passwords and cryptographic keys, and can be used to steal not only user credentials, but also elements of the application's source code and any information that is in the server's memory. It is critical to understand which of your systems is vulnerable to the Heartbleed exploit and take fast action to protect your systems.
Watch this on-demand demo to learn more about Heartbleed and see how AlienVault USM helps you:
Identify vulnerable systems
Detect attack attempts
Identify & investigate successful attacks

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
622
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
17
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. LIVE PRODUCT DEMO Special Session: How to Detect the HeartBleed Vulnerability using AlienVault USM
  • 2. A Brief Overview WHAT IS THE HEARTBLEED BUG? Specifically, A bug in the heartbeat mechanism within OpenSSL Attackers could potentially use leaked cryptographic keys to decrypt secured SSL sessions Sensitive information such as cryptographic keys used to secure SSL sessions may be disclosed IT IS A VULNERABILITY IN OPENSSL DISCLOSED INFORMATION CAN LEAD TO ADDITIONAL ATTACKS CAN BE USED TO ILLICIT INFORMATION LEAKAGE/DISCLOSURE
  • 3. WHY IS THE HEARTBLEED BUG SIGNIFICANT? Specifically, applications such as web servers, mobile application servers, etc. that make the Internet what it is today. Cisco has advised that their Nexus 1000v and 4000 series switches are vulnerable That includes mail servers, proxy servers, load balancers and lots more. OPENSSL PROVIDES CRYPTOGRAPHIC SERVICES TO LOTS OF NETWORKED APPLICATIONS NETWORK INFRASTRUCTURE DEVICES MAY BE VULNERABLE AS WELL ANY APPLICATION USING OPENSSL FOR CRYPTOGRAPHIC SERVICES MAY BE VULNERABLE
  • 4. WHAT IS THE IMPACT IF EXPLOITED? vulnerable system’s memory in 64 kilobyte chunks completely circumvent the security services provided by OpenSSL user passwords to data being transmitted by the applications relying on OpenSSL AN UNAUTHENTICATED, REMOTE ATTACKER CAN RETRIEVE CONTENTS OF A WITH THE RIGHT SET OF CIRCUMSTANCES AND A BIT OF EFFORT AN ATTACKER CAN DISCLOSED/LEAKED INFORMATION CAN RANGE FROM CRYPTOGRAPHIC KEYS TO
  • 5. HOW DOES THE ATTACK WORK? explains it quite well actually xkcd.com/1354/ THIS COMIC FROM XKCD.COM CREDIT:
  • 6. Vulnerability and attack detection HOW IT CAN BE DETECTED The Heartbleed bug can be detected through remote vulnerability scanning – CVE ID: CVE- 2014-0160 Correlation can be used to differentiate between attack attempts and attacks that are successful. An attacker’s request and a vulnerable server’s response can be detected by monitoring the network. Note that vulnerable applications will not log attempts to exploit this vulnerability. Network intrusion detection is the only effective method for detecting this type of attack. USE A VULNERABILITY SCANNER TO FIND VULNERABLE SYSTEMS USE CORRELATION TO IDENTIFY SUCCESSFUL ATTACKS USE A NETWORK INTRUSION DETECTION SYSTEM TO MONITOR NETWORKS
  • 7. HOW DO YOU FIX IT? www.openssl.org/source/ USE VULNERABILITY SCANNING TO IDENTIFY VULNERABLE SYSTEMS AND APPLY THE PATCH SOME VENDORS, NETWORK DEVICE VENDORS IN PARTICULAR MAY NEED TO PUBLISH THEIR OWN UPDATES/PATCHES OPENSSL HAS RELEASED A PATCH THAT IS AVAILABLE HERE:
  • 8. NOW FOR SOME Q&A… Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Interactive Demo Site http://www.alienvault.com/live-demo-site Questions? hello@alienvault.com