Since news of the Heartbleed bug broke recently, we've seen a wealth of information on how this security flaw came about. We've compiled this resource area of tips to help you tighten up your own personal security, and that of your company, when accessing publicly available websites and Internet applications.
Publicly available websites and Internet apps should be your priority as everyone has access to them (as opposed to systems behind your firewall without an associated public IP address). Some examples of publicly available systems vs. private business network systems might include:
- Your website on a server is an example of a publicly available system.
- Your wireless device is an example of a system on your network but NOT publicly available.
A basic course of action for businesses to follow as they see fit might be:
- If you have Google Chrome configured as your browser, configure it to detect certificate revocation (so you can see still-compromised sites).
- Consider the sites, hosted applications and publicly available systems in which the vulnerability was detected and change your passwords (however, don't do it from, or connect using, a compromised device, such as an Android phone running version 4.1.1).
- Go through public systems and remediate (if a patch is available).
- Go through any private network systems and remediate (if a patch is available).
Some systems we've researched and their perceived status at this time include:
- APC UPS: Not vulnerable to Heartbleed
- AppRiver: Revise your passwords
- Dell server: Not vulnerable to Heartbleed
- Dell SonicWALL firewall: Not vulnerable to Heartbleed
- Fulcrum SPOT backup appliance: Not vulnerable to Heartbleed
- Fulcrum SPOT hosted Exchange: Not vulnerable to Heartbleed
- Microsoft OS: Not vulnerable to Heartbleed
- Network Solutions website: Change your password
- Ruckus wireless: Look for patch for device
- Symantec anti-virus: Software patch to be released; patch when available
A list of public-use websites on which your users should change their passwords can be found here.
Be sure to emphasize that users NOT USE THE SAME PASSWORD ACROSS ALL ONLINE SITES.
If there is anything we can do to assist you with ensuring your security, please do not hesitate to contact us ASAP!