TZCERT-2014-03: Vulnerability Alert

OpenSSL Vulnerability by Man in The Middle (MITM) attack

Date of First Release: 09-06-2014

Source: US-CERT, OpenSSL

OS Affected: Fedora Project, FreeBSD Project, Debian GNU/Linux, OpenSSL, Red Hat, Inc., Ubuntu.

Overview: A carefully crafted handshake can be used by an attackers to force the use of weak keying material in OpenSSL SSL/TLS clients and servers.

Description: The OpenSSL Project has released updates for OpenSSL 0.9.8, 1.0.0 and 1.0.1 to fix vulnerabilities that could allow an attacker use weak keying material in OpenSSL SSL/TLS clients and servers.

Impact: The vulnerability when exploited by “Man In The Middle” (MITM) attack, could allow an attacker to decrypt and modify the traffic from the attacked client and server.

Solution: Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

References:

https://www.openssl.org/news/secadv_20140605.txt
http://www.kb.cert.org/vuls/id/978508

Already protecting over 180 million users, download AVG Antivirus to protect you computer.

In today’s world of increasing cyber-attacks, we cannot live without firewalls. A firewall is a hardware or software network security system designed to restrict unauthorized traffic to the restricted segment of a network. In a typical scenario, services that are not supposed to be reachable outside a subnet are restricted in a firewall. There are various good choices of hardware firewalls implementation in the market however in a situation where cost is a concern, cheaper options such as pfSense can be used.

fpSense is a complete  firewall software package used with PC to provide all important features of a commercial firewall devices. pfSense is based on customized FreeBSD operating system and with  LightPD web server and PHP, pfsense also has a very good web interface that simplify its administration.

Apart from providing firewall capabilities, pfSense also has powerful and flexible routing capabilities and can also be used as a Wireless access point, VPN Appliance as well as a DHCP Server appliance. pfSense software can work well in a complex network and can secure your network  at a budget.

TZ-CERT advices you to consider implementing software firewall with pfSense if you have a network that does not have a firewall and cost is a concern.

Apart from pfSense there are other firewall implementation for you to consider. Some of them are smoothwall and Untangle NG.

You can learn more about pfSense in their website https://www.pfsense.org/

SNORT, is a free and open source Intrusion Detection and Prevention System developed by Sourcefire. Snort utilizes the combination of signatures, protocol and anomaly based inspection to detect malicious traffic passing through. Snort performs packet logging, log analysis, content searching and matching on real time basis to be able to detect attacks such as buffer overflows, stealth port scans, CGI attacks, SMB probes, denial of service, OS fingerprinting etc.

With a large community contribution, snort use rules that describe the traffic that is collected. For snort to be able to analyse traffic properly, it is advised that snort collect traffic from a switch with mirrored port.

Deployment of snort can be complimented with other tools such as snorby which gives an easy to use application that runs on top of snort and sguil which utilizes snort to perform network security monitoring.

TZ-CERT advice everyone running a network and system infrastructure to try Snort if they do not have an Intrusion Detection System in place.

You can learn more about snort in their website www.snort.com

Microsoft  released  an  update  that will fix two privately reported vulnerabilities on Internet Explorer. The vulnerability was affecting Internet Explorer version 6 to 11. Read More »