How to Detect the Heartbleed OpenSSL Vulnerability in Your Environment

The Heartbleed vulnerability is a very serious issue, as it affects the popular OpenSSL open source library that is used throughout the Internet as well as in private networks, and OpenSSL is used with a variety of networking products which means more than just one application or operating system is vulnerable.

While web servers are an obvious target, Heartbleed also affects FTP, IMAP, POP3, XMPP, and SMTP services, and since so many different applications are potentially vulnerable, quickly finding and remediating the vulnerability across multiple machines is a daunting task.

To find the Heartbleed vulnerability in your environment with Tripwire IP360, simply update to the latest ASPL release and run your scans as usual.

If you are not a Tripwire IP360 customer, Tripwire SecureScan provides free vulnerability scanning for up to 100 IPs and includes comprehensive detection rules for Heartbleed to uncover the vulnerability wherever it may lie on your network.

Tripwire SecureScan contains the same vulnerability checks for Heartbleed that are included in Tripwire IP360 Vulnerability Management, including:

• Remote SSL/TLS Checks
• Remote STARTTLS Checks for SMTP, POP3, XMPP, IMAP, and FTP (services that speak plain text and then switch to SSL/TLS)
• Local Windows OpenVPN Check
• Local Linux Distribution Checks: Ubuntu, SuSE, RedHat, CentOS, Oracle Enterprise Linux
• PCI Only Remote OpenSSL Banner Check for Apache Hosts
• Exposure suggestion that a new SSL Certificate should be issued

To find the Heartbleed vulnerability in your environment:

1. Sign up for a free Tripwire SecureScan account
2. Setup the Secure Connector
3. Run a vulnerability scan

After the scan completes, download the actionable report for a list of machines affected by Heartbleed (as well as other vulnerabilities) and to view remediation steps. Be sure to change your SSL certificates as a precaution if Heartbleed was detected.

And be sure to join us for the webcast Heartbleed Outpatient Care: Steps for Secure Recovery on Thursday, April 17, 2014 1:00 PM EDT/10:00 AM PDT where we will be discussing the need for a robust security strategy for rapid reaction to vulnerabilities and threats.

In this webcast we will examine:

• The  Heartbleed vulnerability in detail, how it occurred with examples of how it can be used against your organization
• How you can identify your business exposure and what systems are vulnerable
• How Tripwire’s solutions work together to help you close the detection, remediation and prevention gaps around Heartbleed

Related Articles:

• Interrupting a Cyber Attack in Progress
• Ten Steps for Early Incident Detection
• Restoring Trust After a Data Breach
• How to Perform Early Detection of a Distributed Attack

Resources:

Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service  for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology.

The Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].

Title image courtesy of ShutterStock