The widely publicized Heartbleed bug is a vulnerability found in all implementations of OpenSSL released between March 2012 and April 2014 that allows attackers to gain access to sensitive user data and encrypted information. With OpenSSL used by approximately two-thirds of all websites and many other devices and services, enterprises have been scrambling to find the bug and fix it fast. Unfortunately, it's not always easy to tell whether an application or system is vulnerable to Heartbleed, even for security professionals. Luckily, Portland, Oregon-based security vendor Tripwire Inc. developed SecureScan, a free tool that can help.
In this SearchSecurity screencast, Keith Barker, a Certified Information Systems Security Professional, or CISSP, and trainer for CBT Nuggets LLC, demonstrates how to use Tripwire SecureScan, an easy-to-use scanning tool that detects vulnerabilities and identifies servers that are susceptible to Heartbleed.
SecureScan is a network and device scanner that identifies which servers providing services through Transport Layer Security (TLS) have a Heartbleed vulnerability. The tool, which is free to use on networks with fewer than 100 devices or IP addresses, also helps determine which ports and services are open on devices on a network to help find any other related vulnerabilities. It has the ability to scan individual devices on the network, or the entire network, and can do credentialed scans for users looking for more detailed information.
SecureScan is cloud-based, so the installation of a connector from a Web browser to the Tripwire cloud is required, but the tool makes that easy to do. After scanning, SecureScan produces vulnerability reports, risk scores and ID numbers so users can look further into any detected vulnerabilities.
About CBT Nuggets:
CBT Nuggets creates online IT training on topics including network security, server administration and more. Train 24/7 from any device. Try CBT Nuggets with a seven-day free trial and train on a variety of topics, including Cisco security, Wireshark, Linux and more. Watch. Learn. Conquer.
About Keith Barker:
Keith Barker, CISSP, is a trainer for CBT Nuggets and has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Barker is also the author of numerous Cisco Press books and articles.