Everywhere you look Everyone is talking about Heartbleed! But what exactly is Heartbleed and what does it really mean for you and your Network?
Heartbleed is a critical security issued that effects a number of tech devices, in the OpenSSL software library. Basically Heartbleed bug allows anyone on the Internet to read the memory of the systems that are running vulnerable versions of the Open SSL Software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. Basically the Heartbleed Bug allows attackers to eavesdrop on communications, steal data from and impersonate services and users.
Due to the fact that many manufacturers used the OpenSSL in their products, it is important for everyone to take account of the products they are using and asses their risk. We here at Data Networks International want you to know what popular products are affected and how to address the potential vulnerability you may have within your Data Center.
Cisco Systems, who uses OpenSSL in a number of thier products, has released a Security Advisory detailing the products affected directly by Heartbleed. Among them is the IOS XE Software architecture that runs many of the newest platforms including the ASR 1000 series and the Cat4500/Sup7. The Security Advisory went on to explain that only certain deployments of the ASR 1000 are at a significant risk, due to the nature of the HeartBleed bug. It is also important to note that devices operating as routers or switches are not exposed to the Heartbleed threat, because the security issue is directly related to Server functionality. SIP Gateway products and products using SSL/TLS and have the IOS HTTP Server Enabled may be vulnerable to the Heartbleed Bug.
If you are running ASR 1000 or any other vulnerable platforms, Cisco as suggested opening a case with the PSIRT Team to receive software updates to eliminate the Heartbleed Security Treat, as they are put into operation.
If you have any questions about the Heartbleed Bug and
how it may be affecting your Network or Data Center,
feel free to contact the team at DNI.
We are always here to help!
