fbpx
Blog April 11, 2014

Security Update- Are You Protected from the "Heartbleed" bug?

Connectria’s engineers are aware of the vulnerability, dubbed “Heartbleed”, which is a concern of all users of OpenSSL.  The bug has the potential to expose private information that is stored in memory of the server.  It can allow attackers to read the memory of the systems using vulnerable versions of OpenSSL library (1.0.1 through 1.0.1f).

Specific communication has gone out to all of Connectria’s customers, but if you using another cloud service read on.

This is a vulnerability with the OpenSSL library and not a flaw with SSL/TLS.  If you are running Microsoft IIS you are not vulnerable.  If your application or web server is using a web service that uses the OpenSSL library, you will need to:

1. Identify if your web servers are running a vulnerable version of OpenSSL (1.0.1 through 1.0.2f).  If your version is older than 1.0.1, then you are not vulnerable and no action is required.
2. If your server is vulnerable, you will need to update to the latest version of OpenSSL 1.0.1g.
3. Generate a new Certificate Signing Request (CSR).
4. Reissue any SSL certificates for the affected server using the new CSR.
5.  Install new SSL certificate and test.
6.  Revoke any old SSL certificates that have been replaced.

If you would like to test your web services to see if you are affected, please visit our partner GeoTrust to check your site.

Related Resources

 
Protect Your Clients, Their Customers, AND Yourself with Regulation Compliant Hosting
For many businesses, compliance is an essential component of what you do and how you protect your customers. Whether you’re in the healthcare sector, financial…
 
Who Does HIPAA Protect? And What Does This Mean for Your IT Team?
Many experts are eager to point out the what and the how of HIPAA compliance: What protected health information (PHI) is included, how it needs…
 
Small Businesses & PCI – What You Need to Know
Running a business in today’s digital-laden and data-driven world requires compliance with various federal regulations. Depending on the industry and the type of data that…