11 Apr 2014

The Achilles’ heel of OpenSSL

A hot topic these days is the Heartbleed bug, which could potentially be a gateway to leak massive amounts of personal information. Since the beginning of the week, big players like Yahoo, Canada Revenue Agency and Dell have been shutting down parts of their websites in order to allow their people to apply the required security patches.

Two years ago a programming flaw was introduced into OpenSSL, and since a lot of websites use OpenSSL to achieve security, it has exposed a much larger segment than usual.

A bug in the Heartbeat verification protocol inside SSL facilitates the attack: basically all information that would normally be protected by SSL encryption (usernames, passwords, addresses, credit card numbers) can be decrypted and read. More importantly, since the encryption key can be exposed, any protection given by the encryption and the signatures in the X.509 certificates can be bypassed, and an attacker can use the keys to decrypt all past and future encrypted data transfers between the client and the server. Unfortunately, even with all the security patches updated, the traffic intercepted by the attacker in the past will still be vulnerable.

According to heartbleed.com, given that OpenSSL is the most popular open source cryptographic library, a large majority of sites on the web have used it. Popular social sites, company sites, e-commerce sites, hobby sites, sites for software, and even sites run by governments are using the vulnerable OpenSSL. Popular email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), VPN appliances (SSL-VPN), firewall and network appliances, and a wide variety of client-side software are also protected by OpenSSL.

Fortunately, it can be fixed: the OpenSSL team has already released a fixed version, and it is important to note that not all versions of OpenSSL are vulnerable. Check on heartbleed.com whether your version is affected, then take the necessary steps to patch or update your systems.
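One way to run that version check across many hosts, as an added example that is not part of the original post: it classifies the output of `openssl version` collected into an inventory. The affected ranges are those published on heartbleed.com and in the OpenSSL advisory, not on this page; the host names, status labels and sample inventory are constructed for illustration.

```python
import re

# Affected ranges come from heartbleed.com and the OpenSSL advisory, not from
# this page: 1.0.1 through 1.0.1f, and the 1.0.2 betas before beta2.
BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-beta(\d*))?")

def classify(banner):
    """Map one `openssl version` line to a triage status (labels are ours)."""
    m = BANNER.search(banner)
    if m is None:
        return "unknown"
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if branch == (1, 0, 1):
        # No letter (1.0.1) through 'f' are in range; 'g' and later are fixed.
        return "affected-range" if letter < "g" else "fixed"
    if branch == (1, 0, 2) and beta is not None:
        # "-beta" and "-beta1" are in range; beta2 onwards carry the fix.
        return "affected-range" if int(beta or 1) < 2 else "fixed"
    if branch < (1, 0, 1):
        return "not-affected"  # 0.9.8 and 1.0.0 branches
    return "fixed"

# Constructed sample inventory: "<host>\t<output of `openssl version`>".
SAMPLE = """\
web01\tOpenSSL 1.0.1e-fips 11 Feb 2013
web02\tOpenSSL 1.0.1g 7 Apr 2014
mail01\tOpenSSL 0.9.8y 5 Feb 2013
vpn01\tOpenSSL 1.0.2-beta1 24 Feb 2014
app01\topenssl: command not found
"""

def triage(inventory):
    """Return {host: status} for every non-empty inventory line."""
    results = {}
    for line in inventory.splitlines():
        host, _, banner = line.partition("\t")
        if host:
            results[host] = classify(banner)
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {status}")
```

A banner in the affected range is a prompt to check the installed package's patch level rather than a final verdict: distributions shipped the fix as a backport without changing the upstream version string, and builds compiled with `-DOPENSSL_NO_HEARTBEATS` are not exposed either.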

Some firewall vendors, like Dell SonicWALL, are able to protect vulnerable servers with built-in scanning signatures. Dell SonicWALL appliances with active Intrusion Prevention Services have protected devices and servers behind the firewall since April 8th, when Dell SonicWALL released a signature update for the service.

Also, check which popular sites have already patched the Heartbleed bug, and change your credentials.

References:

The New York Times
Heartbleed
CNet

28 Mar 2014

Private, public or hybrid cloud? That is the question!

Public or Private Cloud?

Cloud computing has been in the spotlight all around the world for several years now, but studies show that not knowing exactly what to choose between private, public and hybrid cloud models leaves executives and IT managers reluctant about migrating to the cloud. However, adopting a proven and customized solution for extending the data center and moving workloads to the cloud can happen sooner, accelerating return on investment.

As businesses seek to respond faster to customers and partners, they demand the agility and cost-effectiveness cloud environments offer while lowering the risk, cost and time of implementations.

How about both?

The most visible benefit of a hybrid cloud implementation is the lower investment in IT infrastructure when compared to a full private cloud implementation. With a hybrid cloud, IT resources and existing platforms often do not need to be upgraded or replaced, which itself is an advantage for departments, as they can easily extend existing local infrastructure and resources, which are often difficult and expensive to scale, to provide new resources for business processes.

In addition, hybrid clouds provide access to cutting-edge resources, often inaccessible to many companies, allowing them to keep processes and internal data on private infrastructure, while the remaining resources are migrated to lower cost cloud platforms.

Hybrid cloud models provide access to a wider range of options for many companies. Small businesses lean more towards public clouds because of the cost, while medium and large corporations choose the security and privacy of private clouds. Some businesses delay their migration to the cloud, either because necessary budgets are lacking or they have recently made a significant investment in technology and are not ready to change or incur additional costs.

According to the 2013 Gartner Report, ‘Private Cloud Matures, Hybrid Cloud is Next,’ nearly three-fourths of large enterprises expect to have hybrid deployments by 2015. In other words, the future is clear: IT is moving to the cloud.

The trend towards hybrid cloud is already becoming apparent, especially among SMBs, which are adopting “turn-key” cloud solutions designed and customized to their needs and budgets. SMBs opt for those hybrid cloud solutions to help optimize their productivity while simplifying their IT.

With CONTINUIT®, SIMPLICIT® and PRODUCTIVIT service packages, BANG will keep your network systems running and available for business. Our backup and continuity plans provide your business with flexible options that can be secondary or primary backup solutions. By proactively addressing many common problems with scheduled maintenance and planned upgrades, Bang will keep your network running smoothly and, more importantly, make sure it is available for your users.


© 2016 Industries Bang Inc. All rights reserved.
