Heartbleed is not an exploit you want to ignore as an IT professional. It exposes passwords and cryptographic keys, and can be used to steal not only user credentials, but also elements of the application's source code and any information that is in the server's memory. It is critical to understand which of your systems is vulnerable to the Heartbleed exploit and take fast action to protect your systems.
Watch this on-demand demo to learn more about Heartbleed and see how AlienVault USM helps you:
Identify vulnerable systems
Detect attack attempts
Identify & investigate successful attacks
2. A Brief Overview
WHAT IS THE HEARTBLEED BUG?
Specifically, A bug in the heartbeat
mechanism within OpenSSL
Attackers could potentially use leaked
cryptographic keys to decrypt secured
SSL sessions
Sensitive information such as
cryptographic keys used to secure SSL
sessions may be disclosed
IT IS A VULNERABILITY IN OPENSSL
DISCLOSED INFORMATION CAN LEAD TO ADDITIONAL ATTACKS
CAN BE USED TO ILLICIT INFORMATION LEAKAGE/DISCLOSURE
3. WHY IS THE HEARTBLEED BUG
SIGNIFICANT?
Specifically, applications such as web servers, mobile application servers, etc. that make the
Internet what it is today.
Cisco has advised that their Nexus 1000v and 4000 series switches are vulnerable
That includes mail servers, proxy servers, load balancers and lots more.
OPENSSL PROVIDES CRYPTOGRAPHIC SERVICES TO LOTS OF NETWORKED APPLICATIONS
NETWORK INFRASTRUCTURE DEVICES MAY BE VULNERABLE AS WELL
ANY APPLICATION USING OPENSSL FOR CRYPTOGRAPHIC SERVICES MAY BE VULNERABLE
4. WHAT IS THE IMPACT IF EXPLOITED?
vulnerable system’s memory in 64 kilobyte chunks
completely circumvent the security services provided by OpenSSL
user passwords to data being transmitted by the applications relying on OpenSSL
AN UNAUTHENTICATED, REMOTE ATTACKER CAN RETRIEVE CONTENTS OF A
WITH THE RIGHT SET OF CIRCUMSTANCES AND A BIT OF EFFORT AN ATTACKER CAN
DISCLOSED/LEAKED INFORMATION CAN RANGE FROM CRYPTOGRAPHIC KEYS TO
5. HOW DOES THE ATTACK
WORK?
explains it quite well actually
xkcd.com/1354/
THIS COMIC FROM XKCD.COM
CREDIT:
6. Vulnerability and attack detection
HOW IT CAN BE DETECTED
The Heartbleed bug can be detected through remote vulnerability scanning – CVE ID: CVE-
2014-0160
Correlation can be used to differentiate between attack attempts and attacks that are
successful.
An attacker’s request and a vulnerable server’s response can be detected by
monitoring the network. Note that vulnerable applications will not log attempts to
exploit this vulnerability. Network intrusion detection is the only effective method
for detecting this type of attack.
USE A VULNERABILITY SCANNER TO FIND VULNERABLE SYSTEMS
USE CORRELATION TO IDENTIFY SUCCESSFUL ATTACKS
USE A NETWORK INTRUSION DETECTION SYSTEM TO MONITOR NETWORKS
7. HOW DO YOU FIX IT?
www.openssl.org/source/
USE VULNERABILITY SCANNING TO IDENTIFY VULNERABLE SYSTEMS AND APPLY THE PATCH
SOME VENDORS, NETWORK DEVICE VENDORS IN PARTICULAR MAY NEED TO PUBLISH THEIR
OWN UPDATES/PATCHES
OPENSSL HAS RELEASED A PATCH THAT IS AVAILABLE HERE:
8. NOW FOR SOME Q&A…
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Questions? hello@alienvault.com