
infoTECH Feature

May 22, 2014

Staying Ahead of the Heartbleed Bug: Seven Easy Steps

By TMCnet Special Guest
Liejun Wang, Senior Researcher, Core Technology Division for NSFOCUS

The painful network security vulnerability known as Heartbleed, which paralyzed the Internet, seems like a distant memory to some; however, there are still 318,000 servers vulnerable to this OpenSSL bug. Even more alarming is the unknown, since this number accounts only for verified cases.

Internet data centers (IDCs), Cloud hosting facilities and Internet service providers (ISPs) now more than ever need to prepare themselves to face the consequences of these vulnerabilities head on. In doing so, they will be protecting their brand names, service reputations and assets, as well as those of their customers.

Heartbleed: The Overview
Heartbleed is a security bug in the open-source OpenSSL cryptography library, which is widely used to implement the Internet's Transport Layer Security (TLS) protocol. It allows a remote party to read data held in the memory of systems running the affected versions of OpenSSL.

It was a well-defined, easily accessible path to highly desirable data. Attackers were able to abuse the OpenSSL TLS Heartbeat Extension in a range of OpenSSL versions to obtain user and server information. As a result, customer passwords, session cookies and licenses were compromised. More alarmingly, attackers who recovered a server's secret keys could listen in on communications and impersonate both users and service providers, stealing data from service providers in the process.

Even more troubling, the Heartbleed vulnerability had existed for over two years, so the extent of the damage is unknown. Moreover, exploiting it leaves no trace behind, which prevents victims from accurately gauging or tracking the effects of an attack.

The OpenSSL TLS Heartbeat Extension implementation blindly trusts the payload length field carried in an incoming heartbeat message. It echoes that many bytes back to the peer without checking that the claimed length fits within the data actually received; in other words, the code had incorrect bounds checks, in either direction (client or server). This allows disclosure of up to 64K of process memory to any connected network client or server, and any sensitive information held in that memory can be exposed along with it.
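The following is an added illustration, not code from the article or from OpenSSL, of where the missing bounds check belongs. It models the RFC 6520 heartbeat message layout (type byte, 16-bit big-endian payload length, payload, at least 16 bytes of padding) in a simplified form; the function names, the zeroed padding and the sample records are constructed for this example. The pre-fix code copied `payload_length` bytes without comparing it to the record length, which is exactly how a small record with a 65535-byte claimed length leaked up to 64K of memory; the hardened version rejects any request whose claimed length does not fit inside the record.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* RFC 6520 heartbeat layout: type(1) | payload_length(2, big-endian) | payload | padding(>=16) */
#define HB_HEADER_LEN   3
#define HB_MIN_PADDING 16

enum { HB_REQUEST = 1, HB_RESPONSE = 2 };

/* Read the 16-bit big-endian payload_length field. */
static uint16_t hb_read_u16(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Hardened bounds check: the claimed payload length, plus header and minimum
 * padding, must fit inside the record that was actually received.
 * Returns 1 if the request is well formed, 0 otherwise. */
int hb_payload_fits(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING) return 0;
    if (rec[0] != HB_REQUEST) return 0;
    uint16_t payload_len = hb_read_u16(rec + 1);
    return HB_HEADER_LEN + (size_t)payload_len + HB_MIN_PADDING <= rec_len;
}

/* Build a heartbeat response into out. Returns bytes written, or -1 if the
 * request is rejected (the fixed OpenSSL silently drops such requests).
 * The vulnerable pattern was to skip hb_payload_fits() and memcpy
 * payload_len bytes regardless of rec_len. */
int hb_build_response(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap) {
    if (!hb_payload_fits(rec, rec_len)) return -1;
    uint16_t payload_len = hb_read_u16(rec + 1);
    size_t need = HB_HEADER_LEN + (size_t)payload_len + HB_MIN_PADDING;
    if (need > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    /* Echo only bytes that were really sent: the check above guarantees
     * rec + HB_HEADER_LEN + payload_len stays inside the record. */
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, payload_len);
    /* Padding is random in TLS; zeroed here to keep the example deterministic. */
    memset(out + HB_HEADER_LEN + payload_len, 0, HB_MIN_PADDING);
    return (int)need;
}

/* Constructed sample request (not captured traffic): a 24-byte record carrying
 * the 5-byte payload "hello" plus 16 bytes of padding, with whatever
 * payload_length the caller claims. Returns hb_build_response()'s result. */
int hb_demo(int claimed_len) {
    uint8_t rec[HB_HEADER_LEN + 5 + HB_MIN_PADDING];
    uint8_t out[64];
    rec[0] = HB_REQUEST;
    rec[1] = (uint8_t)((claimed_len >> 8) & 0xff);
    rec[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(rec + HB_HEADER_LEN, "hello", 5);
    memset(rec + HB_HEADER_LEN + 5, 0xAB, HB_MIN_PADDING);
    return hb_build_response(rec, sizeof rec, out, sizeof out);
}

int main(void) {
    printf("honest length 5     -> %d bytes\n", hb_demo(5));      /* 24 */
    printf("claimed length 6    -> %d (rejected)\n", hb_demo(6)); /* -1 */
    printf("claimed length 65535 -> %d (rejected)\n", hb_demo(0xFFFF)); /* -1 */
    return 0;
}
```

The only difference between the two behaviours is the comparison in `hb_payload_fits()`: with it, a record that claims more payload than it carries is dropped; without it, the copy length is attacker-controlled and the response is filled from whatever memory follows the record.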

Staying Ahead of Heartbleed: 7 Steps
Best practices suggest that affected websites hosting highly sensitive information in user accounts, as well as IDCs, Cloud hosting facilities and ISPs, should carry out additional risk controls and take this opportunity to educate users on ways to overcome this vulnerability.

Here are seven tips that can be applied to safeguard your brand and educate your customers:

  1. Take appropriate actions: Enact additional risk controls, including thorough checks of login IP addresses, stricter monitoring of account funds and tighter oversight to identify irregular activity.
  2. Notify and guard: Connect with your customers. Once any irregularity is noticed, affected websites should immediately alert customers so that appropriate passwords can be updated. Provide them with detailed information on Internet security before and after attacks happen.
  3. Operate on protected channels: Notifications should be sent through secure channels such as the user’s registered email address. In the event that alterations of the registered email are detected, notice should be sent to the previous email address.
  4. Be diligent: Attackers can steal financial data stored in the server memory. Advise your customers to change passwords for sensitive accounts, such as online banking and personal email accounts, as well as pay close attention to financial statements, keeping an eye out for any discrepancies.
  5. Become the security expert: Inform users about vulnerabilities and provide them with best practices. For example, advising them to avoid logging into accounts on affected websites until they are sure the Heartbleed vulnerability has been patched.
  6. Confirm vulnerability: The natural response of many users will be to immediately modify their passwords, but they should be alerted not to take this step until it can be confirmed that the website has already repaired the vulnerability.
  7. Test for safety: Users and providers can visit to check whether a website is still exposed to this vulnerability. Users can also install browser plug-ins that display a warning when they visit an affected website.

Moving Forward
Protecting business brands is key for all organizations, especially as competition continues to increase. Data centers and hosting providers are no different; however, they are tasked not only with securing their own brand reputation but with protecting customer assets as well.

Today, many solutions can be incorporated into existing service offerings. IDCs, ISPs and hosting providers are now able to provide network security solutions as part of their service offerings, such as employing “Scrubbing Centers” to help mitigate events such as Heartbleed and DDoS attacks.

By executing new tactics to improve the customer experience and increase market reach, hosting providers are better able to secure assets of all kinds, and perhaps produce alternative revenue streams at the same time.

About the Author: Liejun Wang, Senior Researcher, Core Technology Division for NSFOCUS, has over 14 years of experience in the network security field. Wang specializes in vulnerability analysis, intrusion prevention and detection, and vulnerability assessment related to core network security, attack analysis and defense technology. Wang provides ongoing security consulting and support for the Intrusion Prevention System (IPS) and remote security assessment products at NSFOCUS.

Edited by Maurice Nagle
