One of the most dangerous IT security threats of all time emerged recently – a bug called Heartbleed, which quickly sent shockwaves throughout the entire industry.
As a result, Fortune 500 organizations have been racing to patch their networks before hackers exploit the vulnerability and steal important, private data. Consumers are also encouraged to change their passwords after the systems have been patched.
The vulnerability emerged from the open source software universe. It was exposed to the Internet before a patch was made available, technically making it a zero-day vulnerability, and forcing IT administrators and security analysts to respond as quickly as possible to a previously unknown threat.
OpenSSL is a widely used implementation of the SSL and TLS protocols, which are primarily used for securing Web application traffic and reducing the risk of someone stealing credentials or other sensitive data while in transit. The vulnerability arose from a simple programming error in certain releases of the OpenSSL library (1.0.1 through 1.0.1f). It is technically referred to as a buffer over-read: once the exploit is successful, 64 KB of the server’s memory ‘leaks’ and can then be viewed by an unauthorized party.
This is significant in that very sensitive data can be contained within the server’s memory, which could include anything from usernames, passwords, account numbers, private keys, session tokens and much more. Successful exploitation of this vulnerability is also trivially easy to pull off, opening the door for many unskilled ‘hackers’ to gain access to sensitive, private information.
What’s more, if secret keys are stolen, this can allow the attacker to man-in-the-middle any traffic destined for the application, allowing them to snoop on private and sensitive application interactions such as financial transactions.
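The mechanism described above, as an added illustration that is not part of the LogRhythm Labs piece and not OpenSSL's own code: a heartbeat record carries a length field chosen by the peer, and the unpatched handler copied that many bytes without checking that they fit inside the record it had actually received. The bytes used for "process memory" and the secret placed after the record are constructed for the demonstration.

```python
import struct
from typing import Optional, Tuple

# Heartbeat message layout (RFC 6520): 1-byte type, 2-byte payload length,
# the payload itself, then at least 16 bytes of padding.
HB_REQUEST, HB_RESPONSE = 1, 2
PADDING_LEN = 16

# Constructed stand-in for whatever happens to sit in memory after the record.
SECRET = b"session=constructed-secret-token"


def build_heartbeat(payload: bytes, claimed_len: Optional[int] = None) -> bytes:
    """Build a heartbeat request. claimed_len lets a caller lie about the length."""
    if claimed_len is None:
        claimed_len = len(payload)
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * PADDING_LEN


def vulnerable_respond(memory: bytes, record_len: int) -> bytes:
    """Model of the 1.0.1 to 1.0.1f handler: trusts the peer-supplied length field.

    `memory` stands for process memory; the received record occupies
    memory[:record_len] and the bytes after it belong to something else."""
    _hb_type, claimed = struct.unpack("!BH", memory[:3])
    payload = memory[3:3 + claimed]   # never compared with record_len: the over-read
    return struct.pack("!BH", HB_RESPONSE, claimed) + payload + b"\x00" * PADDING_LEN


def hardened_respond(memory: bytes, record_len: int) -> Optional[bytes]:
    """Model of the 1.0.1g fix: drop any record whose claimed payload does not fit."""
    if record_len < 1 + 2 + PADDING_LEN:            # runt record: nothing to echo
        return None
    _hb_type, claimed = struct.unpack("!BH", memory[:3])
    if 1 + 2 + claimed + PADDING_LEN > record_len:  # would read past the record
        return None
    payload = memory[3:3 + claimed]
    return struct.pack("!BH", HB_RESPONSE, claimed) + payload + b"\x00" * PADDING_LEN


def exchange(claimed_len: int) -> Tuple[bytes, Optional[bytes]]:
    """Run one constructed request through both handlers and return the replies."""
    record = build_heartbeat(b"ping", claimed_len)
    memory = record + SECRET                     # the secret lies right after the record
    return vulnerable_respond(memory, len(record)), hardened_respond(memory, len(record))


if __name__ == "__main__":
    leaked, safe = exchange(52)   # 4 real bytes + 16 padding + the 32-byte neighbour
    print("vulnerable handler leaked the secret:", SECRET in leaked)
    print("hardened handler replied:", safe)
```

The only difference between the two handlers is the comparison against `record_len`; that single missing check is what the page means by "a simple programming error".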
Here are eight important tips and strategies to keep data safe, as identified by LogRhythm Labs.
Understand the risks
Leaving Heartbleed exposed has the very real potential of exposing sensitive information from the vulnerable server. It is imperative that vulnerable systems be patched up to OpenSSL version 1.0.1g at the very least.
This information can be stolen easily using the many available proof-of-concept exploits (https://blog.bugcrowd.com/heartbleed-exploit-yet/), which can be automated to continuously monitor the memory of the affected host and search for information such as private certificates, usernames, passwords and session tokens.
Know the sites affected
If you notice that a site or application that you use regularly was vulnerable, you should change your password once the company has remediated the vulnerability and announced this publicly.
Know when to change passwords
This is a situation where reacting immediately – seeing all the news coverage and changing all your passwords at once – could be exactly the wrong thing to do. If your provider is still vulnerable and you change your passwords in response to the coverage, you’ve just exposed your new password as well. This is a situation where calm heads prevail, and paying attention to communication from the companies that hold your information is the best course of action.
If a company has notified you of a potential breach, heed their advice and change your password. If you notice that a site or application that you use regularly was vulnerable, you should change your password only once the company has remediated the vulnerability and announced this publicly.
Assess your vulnerability
Add checks for this vulnerability to your ongoing vulnerability management program. This can be done with a multitude of both open source and commercially available vulnerability scanning products and scripts.
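A first-pass inventory check, added here as an example and not a LogRhythm Labs tool: classify `openssl version` banners against the affected range the page gives (1.0.1 through 1.0.1f, fixed in 1.0.1g; the OpenSSL advisory also lists 1.0.2-beta1). The host names and banners in the sample are constructed. One caveat for practitioners: Linux distributions commonly backport the fix while keeping the 1.0.1e version string, so "AFFECTED" here means "verify against the package changelog or vendor advisory", not proof of exposure, and a version string says nothing about hosts you cannot log in to; for those, use a scanner as the page suggests.

```python
import re
import subprocess
from typing import Dict, Optional, Tuple

# Matches the leading "OpenSSL 1.0.1e" of `openssl version` output, including
# lettered point releases (1.0.1f) and pre-releases (1.0.2-beta1).
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d+))?")


def parse_openssl_version(banner: str) -> Optional[Tuple[int, int, int, str, Optional[str]]]:
    """Return (major, minor, patch, letter, prerelease) or None if no banner is found."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letter, pre = m.groups()
    return int(major), int(minor), int(patch), letter, pre


def is_affected(banner: str) -> Optional[bool]:
    """True for the Heartbleed-affected range, False otherwise, None if unparseable."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    major, minor, patch, letter, pre = parsed
    if (major, minor, patch) == (1, 0, 1):
        return letter < "g"      # "" (plain 1.0.1) through "f" are affected; "g" is the fix
    if (major, minor, patch) == (1, 0, 2) and pre == "beta1":
        return True              # also listed as affected in the OpenSSL advisory
    return False                 # 1.0.0 and 0.9.8 never shipped the heartbeat code


def triage(banners: Dict[str, str]) -> Dict[str, str]:
    """Map host name -> 'AFFECTED' / 'ok' / 'unknown' for a batch of collected banners."""
    labels = {True: "AFFECTED", False: "ok", None: "unknown"}
    return {host: labels[is_affected(b)] for host, b in banners.items()}


def check_local_openssl() -> Optional[bool]:
    """Ask the local `openssl` binary for its version and classify it."""
    try:
        out = subprocess.run(["openssl", "version"], capture_output=True, text=True, check=False)
    except FileNotFoundError:    # no openssl binary on PATH
        return None
    return is_affected(out.stdout)


if __name__ == "__main__":
    # Constructed banners, as an inventory script might collect them over SSH.
    sample = {
        "web01": "OpenSSL 1.0.1e 11 Feb 2013",
        "web02": "OpenSSL 1.0.1g 7 Apr 2014",
        "legacy": "OpenSSL 0.9.8y 5 Feb 2013",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
    print("this machine:", check_local_openssl())
```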
Monitor your network and know what to look for
Review your network flow data and IDS logs to see if this vulnerability has been exploited. Snort has documented the details of what to look for in their recent Heartbleed blog post.
Keep in mind that while this bug was only publicly disclosed recently, OpenSSL has been vulnerable since March 2012, so it’s impossible to tell what data could have been exposed since then.
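The kind of check the page points to in the Snort post, written out as an added example (not LogRhythm's or Snort's own rules) over a constructed record stream: walk the TLS records in a flow, and flag a heartbeat request whose declared payload length cannot fit in the record that carries it, or a heartbeat response far larger than a legitimate one. The 256-byte response threshold is an assumption for the example. Note the limitation: the inner length field is only visible while heartbeats are still in the clear before the handshake finishes; once the session is encrypted, only the outer record size remains for this heuristic.

```python
import struct
from typing import Iterator, List, Tuple

TLS_HEARTBEAT = 24          # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2
HB_OVERHEAD = 1 + 2 + 16    # type byte, length field, minimum padding
RESPONSE_ALERT_BYTES = 256  # assumed threshold: legitimate responses are tiny


def iter_tls_records(stream: bytes) -> Iterator[Tuple[int, int, bytes]]:
    """Walk TLS records: 1-byte content type, 2-byte version, 2-byte length, body."""
    off = 0
    while off + 5 <= len(stream):
        ctype, version, length = struct.unpack("!BHH", stream[off:off + 5])
        body = stream[off + 5:off + 5 + length]
        if len(body) < length:      # truncated capture: stop rather than mis-parse
            break
        yield ctype, version, body
        off += 5 + length


def inspect_stream(stream: bytes) -> List[Tuple[int, str]]:
    """Return (record index, reason) for every record that looks like Heartbleed traffic."""
    alerts = []
    for idx, (ctype, _version, body) in enumerate(iter_tls_records(stream)):
        if ctype != TLS_HEARTBEAT or len(body) < 3:
            continue
        hb_type, claimed = struct.unpack("!BH", body[:3])
        if hb_type == HB_REQUEST and claimed + HB_OVERHEAD > len(body):
            alerts.append((idx, f"heartbeat request claims {claimed} bytes but record holds {len(body)}"))
        elif hb_type == HB_RESPONSE and len(body) > RESPONSE_ALERT_BYTES:
            alerts.append((idx, f"oversized heartbeat response of {len(body)} bytes"))
    return alerts


def tls_record(ctype: int, body: bytes, version: int = 0x0302) -> bytes:
    """Wrap a body in a TLS record header (version defaults to TLS 1.1)."""
    return struct.pack("!BHH", ctype, version, len(body)) + body


# Constructed sample traffic for the example; not a real capture.
SAMPLE_STREAM = b"".join([
    tls_record(23, b"hello"),                                                      # ordinary application data
    tls_record(TLS_HEARTBEAT, b"\x01" + struct.pack("!H", 4) + b"ping" + b"\x00" * 16),       # honest request
    tls_record(TLS_HEARTBEAT, b"\x01" + struct.pack("!H", 0xFFFF) + b"ping" + b"\x00" * 16),  # lying request
    tls_record(TLS_HEARTBEAT, b"\x02" + struct.pack("!H", 0xFFFF) + b"A" * 2000),             # leak-sized reply
])


if __name__ == "__main__":
    for idx, reason in inspect_stream(SAMPLE_STREAM):
        print(f"record {idx}: {reason}")
```

Feed `inspect_stream` the reassembled TCP payload of each direction separately; the request check applies to client-to-server data and the response check to server-to-client data.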
Have a plan
Review your disaster recovery and incident response plans to ensure that you have a plan for addressing emergency patching. If you have found vulnerable systems, make sure to patch them as soon as possible, and contact your users to let them know that you have patched your systems and direct them to change their passwords if applicable.
Use two-factor authentication
This is a strong example of the need for time-sensitive two-factor authentication. Both pieces of authentication data may be stolen, but as long as one is time-based, it will be useless by the time anyone has a chance to do something with it.
Become a skeptic
The Heartbleed vulnerability is a perfect example of how much trust is placed in security technologies such as SSL. People assume that since there is a “lock” visible when logging in to their bank account, their information will be protected and transmitted in a secure fashion. For the most part this is true; however, it relies on the trust between the client and the server to establish a secure connection. If that trust is broken, be it by stealing user account information from memory or by pilfering the secret keys from the server and intercepting subsequent communications, the overall security of the Internet as a whole fundamentally breaks down.
Encrypted tunnels can be eavesdropped on with minimal indication that the traffic is being tampered with. For this reason, individuals should be skeptical of what they understand and hold to be true with regard to security in general, as there is always someone out there who will find a way to break it down.