Heartbleed

Tenable Products Provide Strategic Solutions

The significance of CVE-2014-0160, aka Heartbleed, an attack against the transport layer security protocol (TLS/DTLS) heartbeat extension, is well documented. What could use more discussion is what it really takes to find all vulnerable systems in today's networks.

  • The vulnerability exists in the OpenSSL library, widely used by Linux operating systems, embedded systems and most applications implementing SSL encryption
  • While you can patch the vulnerability in your operating system, the vulnerable library can be built into the application, as it is with OpenVPN and other applications which must also be patched
  • The vulnerability can present itself in any service which implements SSL, allowing it to exist in services other than HTTPS (port 443), including email, instant messenger, and many other common (and uncommon) services and applications
  • Once you’ve patched the vulnerability on all of the systems and services you’ve discovered, it can easily be re-introduced if someone installs a vulnerable application or embedded system that has not yet been patched (or an older version where the vulnerability exists).
Through a comprehensive set of plugins and dashboards delivered within hours of the discovery of this vulnerability, Tenable customers were able to identify risk from Heartbleed across a wide variety of infrastructure, systems, and applications.
    heartbleed logo

    Nessus

    Nessus® enables you to safely detect the Heartbleed vulnerability with a comprehensive set of remote and local checks.

    Remote Checking Plugin 73412 (Nessus Plugins) – This plugin checks for the vulnerability and displays a sample of data that can be retrieved from the remote host. Tenable research teams have written this check to be thorough, accurate, and safe.

    Using local patch checking, Nessus can log into the remote host and determine if the operating system patches have been applied:

    Credentialed OS checks:
    CentOS
    Debian
    Freebsd
    Oracle Linux
    RedHat
    Amazon Linux AMI
    and other platforms including  Gentoo, Scientific Linux, Slackware 

     

    Nessus users can use the Heartbleed Detection scan policy wizard to discover this vulnerability. Users are able to adjust the thoroughness and intrusiveness of the scan, from checking on a subset of ports to scanning every port on each target for the presence of the vulnerability. Nessus can detect the Heartbleed vulnerability across a wide-variety of services and ports. Users can configure how intrusive a scan can be.

    Nessus Enterprise Cloud

    If you are concerned with your Internet facing systems, particularly your web sites or VPN connections, you may use the same Nessus Heartbleed detection policy wizard to create a schedule for scanning your systems from our remote, cloud-based vulnerability scanner, Nessus® Enterprise Cloud.

    Nessus Enterprise Cloud can be used to check for the Heartbleed vulnerability using one or more of the following three settings:

    • Quick – limited to searching for ports/services that are known to use OpenSSL;
    • Normal – searches for the vulnerability on the Nessus default set of ports; or
    • Thorough – performs a comprehensive sweep of all 65K ports and detects use of SSL.

    Nessus Enterprise Cloud allows for unlimited scanning of unlimited IP addresses and will help you discover where SSL communications that rely on OpenSSL are entering into your network, and whether they are vulnerable to the heartbeat attack.

    PVS – Passive Scanning

    For those hard to reach places, Tenable’s Passive Vulnerability Scanner™ (PVS™) can sniff the network and identify hosts vulnerable to the “Heartbleed” attack.

    PVS is a powerful tool for finding Heartbleed and other vulnerabilities which may escape some traditional detection methods. By passively monitoring network traffic, PVS detects server and client vulnerabilities, applications, and connections.

    As a data source for SecurityCenter Continuous View™, or as an individual subscription installation, PVS provides valuable insight into Heartbleed and other OpenSSL issues. Shown is a sample report displayed in the PVS web interface.

    As with all Tenable detections, PVS provides not only the overview, but also the detailed information required to address and resolve discovered vulnerabilities.

    PVS heartbleed
    The PVS is a safe way to identify the vulnerability and has the added capability of identifying vulnerable hosts in between scans or hosts that may have escaped an active scan.

    SecurityCenter Continuous View

    To thoroughly identify your exposure to Heartbleed, a complete view of your environment is required; Tenable’s SecurityCenter Continuous View™ provides a complete and comprehensive view of your environment by combining active scanning, passive monitoring, and log analysis.

    The SecurityCenter CV™ dashboard shown below provides an up-to-the-minute overview of Heartbleed-vulnerable systems and related information at a glance:

     

    Dashboard Heartbleed
    Tenable’s SecurityCenter Continuous View provides at a glance an up-to-the-minute overview of Heartbleed-vulnerable systems and related information, combining all data sources into a comprehensive view.
    Dashboard Heartbleed
    More detailed analysis is instantly available by drilling in from this dashboard, delivering detailed findings and actionable results.

    Webcasts

    The Heartbleed Playbook

    Join Paul Asadoorian, and Jack Daniel to find out how you will reduce the time, complexity and cost of finding and remediating Heartbleed

    Download Now

    Heartbleed Déja Vu

    A discussion that will help prevent future Heartbleed flare-ups

    Download Now

    Buy Nessus

    Purchase either through the online store or from an authorized partner.

    Buy Now

    Buy PVS

    PVS now available at a discounted introductory price.

    Buy Now

    Evaluate SecurityCenter CV for Your Organization

    Contact us to setup a trial.

    Evaluate