NetFort Tips & Tricks - Heartbleed Bug - What you need to know and how LANGuardian can help

  • Updated 5 years ago
A major security threat has recently emerged regarding the "eavesdropping" bug known as Heartbleed. Some reports suggest that "66% of web sites could be affected - and experts say all web users will be at risk in some way".

The bug was introduced in OpenSSL in December 2011, and the weakness allows the theft of information that is protected, under normal conditions, by the SSL/TLS encryption used to secure the internet. The Heartbleed bug can reveal the contents of a server's memory, where the most sensitive data is stored, including private data such as usernames, passwords and credit card numbers. The bug also enables attackers to get copies of a server's digital keys, which can then be used to impersonate servers or to decrypt communications from the past or the future.

The vulnerability was named by a co-discoverer on the OpenSSL project website due to the fact that the vulnerability is in OpenSSL's implementation of RFC 6520 (the Heartbeat Extension).

What you need to know about LANGuardian and heartbleed

LANGuardian is not susceptible to this vulnerability. Based on updates and comments published by OpenSSL and CentOS, LANGuardian systems are not affected by this flaw. Users do not need to take any action with LANGuardian and LANGuardian systems do not require a software update.

How can LANGuardian be used to manage the situation?

If you are running LANGuardian version 12 or higher and report version 427, you should have access to a new report called Security :: SSH-SSL/TLS Servers. This report uses information gathered by the content-based recognition engine (CBAR) to detect any systems on your network running SSH/SSL/TLS. To run the report, enter Security :: SSH-SSL/TLS Servers into the report finder in the top right-hand corner of the LANGuardian GUI.

The report does not list vulnerable servers, only servers running SSH/SSL/TLS. You will have two options to drill down. The first option shows what services are running on the server; if you see unusual characters when you drill down, this is associated with encryption services. The second option allows you to see what clients are connecting to the server. If you see connections coming from an external source, we recommend that you check and patch these servers first.

Where can I get more information?
We will update our online community forum as we receive more information. Please check this on a regular basis.
These third-party links may also be useful, but as we don't maintain them we cannot guarantee the accuracy of the information hosted on them.

Aisling Brennan, Official Rep


Posted 5 years ago
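
The patch-first triage described in the post (servers with external clients get checked before internal-only ones) can be scripted once the server and client lists are available as rows. This is an added example, not NetFort code and not a LANGuardian export format: the `(server, port, client)` row layout, the sample rows, and the internal ranges are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the site's internal address space (RFC 1918 ranges here).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rows: (server_ip, server_port, client_ip).
SAMPLE_ROWS = [
    ("10.0.5.20", 443, "10.0.1.15"),
    ("10.0.5.20", 443, "203.0.113.7"),
    ("10.0.5.20", 443, "198.51.100.23"),
    ("10.0.5.31", 22, "10.0.1.15"),
    ("10.0.5.40", 993, "203.0.113.7"),
    ("10.0.5.40", 993, "203.0.113.7"),   # repeat connection, same client
    ("10.0.5.31", 22, "not-an-ip"),      # malformed row, skipped
]

def is_external(addr):
    """True when addr falls outside every configured internal network."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return not any(ip in net for net in INTERNAL_NETS)

def patch_priority(rows):
    """Return [(server, port, external_clients, internal_clients)],
    ordered so services with the most distinct external clients come first."""
    ext, internal = defaultdict(set), defaultdict(set)
    for server, port, client in rows:
        try:
            bucket = ext if is_external(client) else internal
        except ValueError:
            continue  # client field is not an IP address
        bucket[(server, port)].add(client)
    services = set(ext) | set(internal)
    ranked = sorted(services, key=lambda s: (-len(ext[s]), s))
    return [(srv, port, sorted(ext[(srv, port)]), sorted(internal[(srv, port)]))
            for srv, port in ranked]

if __name__ == "__main__":
    for srv, port, external, inside in patch_priority(SAMPLE_ROWS):
        tag = "CHECK FIRST" if external else "internal only"
        print(f"{srv}:{port}  external={len(external)} "
              f"internal={len(inside)}  {tag}")
```

As the post notes, the listing only shows where SSH/SSL/TLS is running; the ranking orders the follow-up checks and says nothing about whether a given server is vulnerable.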
