Since April 7th, the whole security community has been shaken by the discovery of a critical flaw in OpenSSL. This vulnerability, relating to the SSL/TLS Heartbeat extension in OpenSSL and known as the Heartbleed bug, may allow malicious users to read information in memory on affected systems. It is thus possible to retrieve sensitive information such as user session cookies or, worse, a server’s encryption private key.

Thanks to the intrusion prevention system on Netasq appliances, there has been zero-day protection from the exploitation of this vulnerability since 2008. Internal servers using OpenSSL and secured by Netasq appliances are therefore effectively protected against this threat.

The protection is enabled by default for all traffic using an IPS inspection profile. If the configuration of the IPS engine has been changed, you are advised to check that the alarm “Invalid SSL packet” has been set to “Block” within IPS inspection profiles and that these profiles have not been disabled.

Example of a configuration:

[Screenshot 2014-04-14 at 09.20.46]

Netasq appliances integrate a vulnerable version of OpenSSL, which will be corrected in the future version 9.1.2.3, but remain fully secure thanks to the IPS protection.

Other Arkoon+Netasq products (FAST360, Stormshield, SecurityBox) are not affected by the Heartbleed bug.
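
As an added illustration of why a malformed heartbeat can be rejected as an invalid SSL packet (this is not Netasq's IPS logic and not code from this advisory), the Python below applies the length check that RFC 6520 requires of a heartbeat receiver to a stream of TLS records. It assumes the records are unencrypted, since an encrypted heartbeat cannot be inspected this way; the function names and sample bytes are constructed for this example.

```python
import struct

HEARTBEAT = 24      # TLS record content type assigned to heartbeat (RFC 6520)
MIN_PADDING = 16    # RFC 6520: at least 16 bytes of padding follow the payload

def check_heartbeat(body: bytes) -> str:
    """Return 'ok' or the reason a heartbeat message must be discarded."""
    if len(body) < 3:
        return "truncated heartbeat header"
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    if hb_type not in (1, 2):                  # 1 = request, 2 = response
        return "unknown heartbeat type"
    # Core check: type (1) + length field (2) + declared payload + padding
    # must fit inside the bytes that were actually received.
    if 1 + 2 + payload_len + MIN_PADDING > len(body):
        return "payload_length exceeds record"
    return "ok"

def scan_records(stream: bytes) -> list:
    """Walk concatenated plaintext TLS records; return (offset, verdict)
    for every heartbeat record and for any truncated record."""
    verdicts, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            verdicts.append((off, "truncated record header"))
            break
        ctype, _version, rec_len = struct.unpack("!BHH", stream[off:off + 5])
        body = stream[off + 5:off + 5 + rec_len]
        if len(body) < rec_len:
            verdicts.append((off, "truncated record"))
            break
        if ctype == HEARTBEAT:
            verdicts.append((off, check_heartbeat(body)))
        off += 5 + rec_len
    return verdicts

# Constructed sample stream (not captured traffic): a handshake record that
# is skipped, a well-formed heartbeat, and a heartbeat whose declared
# payload_length (64) is larger than the record that carries it.
HANDSHAKE = bytes.fromhex("1603020004") + bytes(4)
GOOD = bytes.fromhex("1803020017" "010004") + b"ping" + bytes(16)
BAD = bytes.fromhex("1803020017" "010040") + b"ping" + bytes(16)
SAMPLE = HANDSHAKE + GOOD + BAD

if __name__ == "__main__":
    for offset, verdict in scan_records(SAMPLE):
        print(f"offset {offset}: {verdict}")
```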