New software version available | LANGuardian 12.0.8

  • Announcement
  • Updated 4 years ago
LANGuardian 12.0.8 is an update of 12.0.7 to improve data presentation in the reports.

12.0.8 is an update with additional features to help mitigate the risks presented by OpenSSL Heartbleed.

New features in LANGuardian version 12.0.8



12.0.8 includes 3 mechanisms to help deal with Heartbleed.

1. New "SSL/TLS Servers" report under Security section.

This is a CBAR report that lists all servers seen using SSL/TLS. Enter your local subnet mask to list all SSL/TLS servers on your network. This is not a list of compromised, or even vulnerable, servers, just a list of all SSL/TLS servers; it is a starting point for checking for required patch levels.

2. The CBAR TLS decoder has been upgraded to detect 2 events relevant to the Heartbleed bug.

a. TLS/SSL server with heartbeat enabled. The Heartbleed vulnerability only exists on SSL/TLS servers with the heartbeat extension enabled. The TLS decoder can detect if heartbeat is enabled during SSL/TLS session startup. An event is generated whenever this is detected. The signature name is "SSL/TLS Server with Heartbeat Extension". These events are visible in a new report 'Heartbleed exploit' under the Security section. Drill down to get a list of servers with the extension enabled. This does not mean that these servers are vulnerable, or that heartbeat is being used in that session, just that the heartbeat extension is enabled on the server. Use the list of servers as an inventory for checking required patch levels.

b. Heartbleed exploit attempt. The SSL/TLS decoder can detect when a malformed heartbeat request is sent to a server. An event is generated whenever this is detected. The signature name is "OpenSSL HeartBleed Exploit Attempt". These events are visible in a new report 'Heartbleed exploit' under the Security section. Drill down to get a list of clients and servers. Review the actions of the client.

We've tested using some of the published exploit scripts and with servers with heartbeat enabled and disabled, and accuracy is good, with few false positives. However, the potential for false positives exists and we continue to test and develop the decoders.

Updates will be published as required.

Release notes -
http://www.netfort.com/resources/documentation/release-notes





Aisling Brennan, Official Rep


Posted 4 years ago
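The two decoder checks described in the announcement, sketched as an added example; this is not LANGuardian's decoder code. The function names are hypothetical, the field values come from RFC 6520, and the sketch assumes the ServerHello is the first handshake message in its record and that the heartbeat record is still in cleartext.

```python
import struct

HANDSHAKE, HEARTBEAT, SERVER_HELLO = 22, 24, 2      # record types; handshake msg type
EXT_HEARTBEAT, HB_REQUEST, MIN_PADDING = 15, 1, 16  # RFC 6520 values

def records(stream):
    """Yield (content_type, fragment) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break                                  # truncated capture
        yield ctype, stream[off + 5:off + 5 + length]
        off += 5 + length

def offers_heartbeat(frag):
    """True if a ServerHello fragment lists the heartbeat extension."""
    if len(frag) < 39 or frag[0] != SERVER_HELLO:
        return False
    # Skip header (4), version (2), random (32), session_id, cipher (2), compression (1).
    p = 38 + 1 + frag[38] + 3
    if p + 2 > len(frag):
        return False                               # no extensions block
    end = min(len(frag), p + 2 + struct.unpack_from("!H", frag, p)[0])
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack_from("!HH", frag, p)
        if etype == EXT_HEARTBEAT:
            return True
        p += 4 + elen
    return False

def malformed_request(frag):
    """True if a cleartext heartbeat request claims more payload than it carries."""
    if len(frag) < 3:
        return True                                # no room for type + payload_length
    hb_type, claimed = struct.unpack_from("!BH", frag)
    return hb_type == HB_REQUEST and 3 + claimed + MIN_PADDING > len(frag)

def events(stream):
    """Return signature names raised by one direction of a TLS byte stream."""
    checks = {HANDSHAKE: (offers_heartbeat, "SSL/TLS Server with Heartbeat Extension"),
              HEARTBEAT: (malformed_request, "OpenSSL HeartBleed Exploit Attempt")}
    return [checks[t][1] for t, f in records(stream) if t in checks and checks[t][0](f)]

# Constructed samples: ServerHello with extension 15, a valid request, a short one.
HELLO = bytes([22, 3, 2, 0, 49, 2, 0, 0, 45, 3, 2]) + bytes(32) + bytes([0, 0, 47, 0, 0, 5, 0, 15, 0, 1, 1])
GOOD = bytes([24, 3, 2, 0, 23, 1, 0, 4]) + b"ping" + bytes(16)
BAD = bytes([24, 3, 2, 0, 3, 1, 0x40, 0])
```

Heartbeat records sent after ChangeCipherSpec are encrypted, so the length check is only meaningful on records seen before it; applying it to ciphertext is one source of false positives.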
