Net-Ctrl’s Response to the Heartbleed SSL Vulnerability

by | Apr 11, 2014 | Latest News | 0 comments

Net-Ctrl are aware and monitoring the Heartbleed SSL vulnerability that has been publicised heavily over the past few days. For Net-Ctrl we have to look at the incident on many levels:

  • Are any of our own services and systems compromised?
  • Are any of products and solutions we offer vulnerable?
  • If they are, how are they protecting against it?
  • How can we check whether our customers are vulnerable?
  • How it affects each one of us individually?

As a starting point, Net-Ctrl contacted all of our technology partners to see if any of their systems may be vulnerable to the Heartbleed situation. This allowed us to check through our customer database to see who may have been affected by the vulnerability and act on it.

One of our vendors, Palo Alto Networks, has not only issued a statement of how Heartbleed affects their service in relation to their firewalls, but also released vulnerability patches in order to help protect their customer’s networks against the problem. More details of how to get this can be obtained on their website.

We have had many customers contacting us about their systems, wanting reassurance and direction to see if they need to do anything, many of them were not vulnerable. We have had a few cases where customer’s products were vulnerable, and we have pro-actively provided a solution in order to make their network safe and secure once again.

Dealing with the Heartbleed Vulnerability

Dealing with the Heartbleed vulnerability through patches and updates is the first step in securing your systems. The second step is to replace your existing encryption keys. This is crucial, as it may be that the vulnerability has already been exploited on your system and your encryption keys used to carry out your SSL connection may have already been obtained. Therefore the data being exchanged on your network is still just as vulnerable post patching.

Soon after the vulnerability announcement at least one of our SSL certificate providers made statements about the infection and have offered to re-issue SSL certificates at no charge, which allows people to replace their compromised keys with fresh ones.

Change your password, but do it the right way

Currently in the media there is a lot of ‘change your password’ scenarios going-on. From an end user point-of-view, this is only worth doing if the platform you’re using that was vulnerable, has now been patched and has also had the keys replaced. Otherwise you’re just changing a password on a system that is still compromised.

Even for systems that were not vulnerable, the issue is that whilst people shouldn’t use the same passwords to access multiple systems, if they do, they need to think about all the secure sites that they access with the same credentials. It could be that the details have been collected from a different vulnerable system. So the user needs to check before changing their passwords that all their systems are no longer vulnerable, which in our mind is going to take some time.

You are able visit https://www.ssllabs.com/ssltest/ to check whether a particular server is vulnerable. It is worth running all your sites through this tool, please be aware it is currently experiencing a lot of traffic.

Here is our Heartbleed action plan:

  1. Check whether any of your solutions are vulnerable, to do so contact your reseller, or visit the technology partner websites and use the SSL labs site to check servers.
  2. Apply upgrades and patches where required.
  3. Contact your SSL certificate provider about getting new encryption keys, a lot of providers are offering this ‘free of charge’ in light of the events.
  4. Replace your encryption keys.
  5. Once you’re happy that all of your systems are protected, change all your passwords.
  6. Sit back and relax knowing that your network is now safe and secure once again.

If you have any concerns or questions over the Heartbleed vulnerability please email me at marke[email protected] and I will get back to you as soon as I can.

Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Statement
Marketing Preferences

    Preferred Contact Method
    EmailPhone

    I consent to Net-Ctrl collecting and storing my data from this form and contacting me as listed in this form.

    Wireless Site Survey

    Predictive, Pre-Deployment, Post Installation and Health Check Wireless Surveys carried out by certified wireless engineers.

    Wi-Fi Fact File - Wi-Fi 6, 6E and 7

    We look at Wi-Fi fundamentals, explore the benefits of and technology behind Wi-Fi 6, Wi-Fi 6E and what the future holds for Wi-Fi 7

    Cabling Installations

    Net-Ctrl provide network and structured cabling solutions as either a stand-alone installation, or to compliment products and solutions that we offer.

    Connect the Classroom

    Connect-the-Classroom scheme  is allowing schools to upgrade their infrastructure to a solution that should last 10 years

    IT Support Solutions

    Net-Ctrl provides two excellent support packages in addition to any equipment purchased. Find out about our Silver or Gold support package

    Mobotix Site Survey

    IP-CCTV site survey to assess camera locations and requirement and existing Mobotix solution health checks.

    Net-Ctrl Cloud WLAN

    Net-Ctrl offers our Cloud WLAN. Delivering market-leading patented technology managed by the Net-Ctrl engineering team.

    Cybersecurity Awareness Training
    We provide an automated Cybersecurity awareness training solution covering both simulated phishing and training courses.
    Wireless Network Solutions

    Net-Ctrl offers a range of wireless network solutions. We explore some common questions related to these solutions.

    Finance & Leasing Solutions

    Offering end-to-end, affordable and competitive financing solutions to help you achieve your business goals.