The recent media coverage of the HeartBleed vulnerability has caused legitimate concerns by our clients. Now that we have clearer information on the HeartBleed vulnerability, we are recommending businesses perform a series of basic steps to identify and correct any potential risks;
External Vulnerability – we recommend external vulnerability tests be performed, specifically testing for the HeartBleed vulnerability. Identify and be sure all external facing IP’s, websites and services are tested, then document the results. Burgess Computer can recommend a reputable vulnerability scanning vendor if you do not currently have one, as well as manage the process.
Internal vulnerability – some applications use OpenSSL to secure internal network traffic. A list of internal systems and applications should be created and then checked for vulnerabilities. Typically, the check is as simple as a vendor statement certifying there system is not vulnerable to HeartBleed. Burgess Computer can also assist with internal vulnerability checks.
Change your passwords – some social media and email sites were vulnerable. It is recommended to change your passwords. You can see a list of sites affected here: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
Out of an abundance of caution, we recommend changing any passwords used on the internet. You can also check if the website is vulnerable by using this tool to scan it:
Burgess Computer has verified that all managed services we provide are not affected by the HeartBleed vulnerability. These include;
- Hosted Exchange
- Hosted Email
- ZINC Remote Backup
- Managed Antivirus
- Managed IT Services
- Managed AntiSpam
Please contact us if you have any questions, or require assistance in planning and testing your network.