Printer Friendly

FREE SERVICE DETECTS OPENSSL VULNERABILITY.

Tripwire, Inc. has introduced detection for Heartbleed (CVE2014-0160), the OpenSSL vulnerability announced by Codenomicon and Neel Mehta, a security researcher for Google. All Tripwire vulnerability management products, including Tripwire IP360, Tripwire PureCloud and Tripwire SecureScan, provide authenticated and unauthenticated checks for Heartbleed.

OpenSSL is used with a variety of networking products, and many organizations will have more than one vulnerable application or operating system. While web servers are an obvious target, Heartbleed also affects File Transfer Protocol (FTP), Internet Message Access Protocol (IMAP), Post Office Protocol version 3 (POP3), Extensible Messaging and Presence Protocol (XMPP), and Simple Mail Transfer Protocol (SMTP). Because Heartbleed can affect so many different applications, finding and remediating this critical vulnerability quickly across multiple machines can be a daunting task.

Tripwire SecureScan provides free vulnerability scanning for up to 100 IP addresses and includes comprehensive detection rules that discover Heartbleed in a wide variety of conditions. Tripwire SecureScan contains the same robust vulnerability checks included in Tripwire IP360, a vulnerability management solution used by the largest, most sensitive networks in the world.

Specific Heartbleed-related checks include:

- Remote SSL/TLS vulnerability checks.

- Remote vulnerability checks for SMTP, POP3, XMPP, IMAP and FTP services that speak plain text and then switch to SSL/TLS.

- Local Windows OpenVPN vulnerability check.

- Local Linux distribution checks for Ubuntu, SUSE, RedHat, CentOS and Oracle Enterprise Linux.

- A recommendation on issuing a new SSL certificate. Tripwire Enterprise and Tripwire Log Center can also detect Heartbleed using custom rules and policies.

To sign up for a free license of SecureScan, please visit: https://www.tripwire.com/securescan/?home-banner.

About Tripwire

Tripwire is a global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats.

For more information, visit www.tripwire.com or call 408/398-6987.

COPYRIGHT 2014 Worldwide Videotex
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2014 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Publication:UNIX Update
Date:May 1, 2014
Words:348
Previous Article:LINKSYS LAUNCHES WRT1900AC, WIRELESS-AC ROUTER.
Next Article:DOCKER AND RED HAT EXPAND COLLABORATION.
Topics:

Terms of use | Privacy policy | Copyright © 2022 Farlex, Inc. | Feedback | For webmasters |