When Heartbleed hit the news, we decided to wait to comment until more technical details emerged from our security vendors like Cisco, Symantec and Watchguard.
It appeared there was a lot of hype, but not a lot of substance until about 36-48 hours later. We’re your techs first, so mission #1 is to make sure your networks, servers and workflows continued to be secure and functioning before we worked on any articles. Even though we feel the story about Heartbleed is not over yet, here are some details we feel are now pertinent to pay attention to.
Well, we’re tech guys (and girls) so first, we made sure our clients were secure and happy. And even though we are still waiting for all the details to come out about Heartbleed, here are some action items we took with our clients and some security tips to keep you safe.
Heartbleed Bug Awareness
Many of you have probably heard about the Heartbleed Bug that has effected SSL Encrypted traffic from websites to networks and desktops to servers. Yesterday, we worked with many of our clients to implement the required security patch to protect your network. Now, here is the scoop.
What Did This Mean for NMI Customers?
Heartbleed was a leak in the system that allowed hackers to read any data running OpenSSL aka HTTPS sites. To better serve our customers, Network Medics technicians access Watchguard firewalls (regardless if they have remote users) via SSL VPN, so we can perform updates and provide technical support from the datacenter. Please keep in mind the targets of this breach would be Google, Facebook, Amazon and the like. However, it is still in everyone’s best interest to take action in order to protect their business and personal data. Many of our customers utilize WatchGuard Firewall Appliances.
On Tuesday, April 9, 2014 WatchGuard released a security patch to protect all of their end users. Yesterday, April 10, 2014 Network Medics applied this security to majority of our customers WatchGuard Firewalls.
If you did not hear from us, that means your WatchGuard appliance was not included in the breach and/or we do not manage your appliances. However, feel free to contact us anytime over the next week and we will be happy review your security and help with the necessary updates.
Security Tips To Protect Yourself
Media originally announced to hold off on changing your passwords until the security patches were implemented. You are now safe to make all the necessary changes.
- Change ALL social media passwords.
- If any of your passwords for the above sites are the same for any of your other services, like Banking accounts, changes those too. AND be sure to always have different passwords for different services.
- Create unique passwords that do NOT include your birthday, name or phone number.
- Try to use a variety of characters when creating a password.
As always, your Network Medics team is available for questions or to help with any next steps. Stay safe!