FREE SERVICE DETECTS OPENSSL VULNERABILITY.
Tripwire, Inc. has introduced detection for Heartbleed (CVE2014-0160), the OpenSSL vulnerability announced by Codenomicon and Neel Mehta, a security researcher for Google. All Tripwire vulnerability management products, including Tripwire IP360, Tripwire PureCloud and Tripwire SecureScan, provide authenticated and unauthenticated checks for Heartbleed.
OpenSSL is used with a variety of networking products, and many organizations will have more than one vulnerable application or operating system. While web servers are an obvious target, Heartbleed also affects File Transfer Protocol (FTP), Internet Message Access Protocol (IMAP), Post Office Protocol version 3 (POP3), Extensible Messaging and Presence Protocol (XMPP), and Simple Mail Transfer Protocol (SMTP). Because Heartbleed can affect so many different applications, finding and remediating this critical vulnerability quickly across multiple machines can be a daunting task.
Tripwire SecureScan provides free vulnerability scanning for up to 100 IP addresses and includes comprehensive detection rules that discover Heartbleed in a wide variety of conditions. Tripwire SecureScan contains the same robust vulnerability checks included in Tripwire IP360, a vulnerability management solution used by the largest, most sensitive networks in the world.
Specific Heartbleed-related checks include:
- Remote SSL/TLS vulnerability checks.
- Remote vulnerability checks for SMTP, POP3, XMPP, IMAP and FTP services that speak plain text and then switch to SSL/TLS.
- Local Windows OpenVPN vulnerability check.
- Local Linux distribution checks for Ubuntu, SUSE, RedHat, CentOS and Oracle Enterprise Linux.
- A recommendation on issuing a new SSL certificate. Tripwire Enterprise and Tripwire Log Center can also detect Heartbleed using custom rules and policies.
To sign up for a free license of SecureScan, please visit: https://www.tripwire.com/securescan/?home-banner.
Tripwire is a global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats.
For more information, visit www.tripwire.com or call 408/398-6987.