If you accept Payment Card Information (PCI) on your website, an attacker exploiting the Heartbleed bug in OpenSSL (the Open Secure Sockets Layer library) can capture this information directly from the server's memory. Additionally, attackers targeting SSL Virtual Private Network (VPN) gateways can use this bug to obtain information sent over the VPN connection.
Tips for Responding:
- Almost all vulnerability scanners have updated their plugins to check for this issue. Scan all your public-facing IP addresses that expose an HTTPS service (websites, SSL VPNs, remote logins, etc.) using your currently updated vulnerability scanner.
- Patch your systems immediately. All vendors are releasing patches. Contact your load balancer, VPN, network device, or server vendor for the fix.
- If a third party manages your servers, require them to confirm what actions they have taken.
- Affected users should upgrade to OpenSSL 1.0.1g.
- All Web Application Firewalls and Intrusion Prevention Systems have released signatures for this issue. Update your signatures immediately and ensure they are in Block mode. Expect a performance impact from blocking TLS heartbeat requests, but you may be willing to accept that impact given the exposure that exists until you apply the patch.
The vulnerability leaves no trace of exploitation, so if you even suspect that you may have been compromised, take the following steps to recover your security:
1. Patch your systems immediately
2. Change your SSL certificate
3. Issue a warning to all customers and ask them to change their passwords immediately
4. Change all system passwords on the affected server (the vulnerability also compromises in-memory passwords)
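To track the scanning and upgrade tips above together with recovery steps 1 and 2 across an inventory of hosts, here is an added triage script (it is not part of this advisory or of any vendor's tooling). It assumes each host record carries the output of `openssl version`, the scanner's current verdict, and the certificate's notBefore field in the form Python's `ssl.getpeercert()` returns; the hostnames, dates and remediation time are constructed for the example.

```python
import re
import ssl
from datetime import datetime, timezone

# Upstream OpenSSL releases affected by Heartbleed: 1.0.1 through 1.0.1f.
# 1.0.1g is the fixed upstream release named in the advisory.
AFFECTED_101_LETTERS = ("", "a", "b", "c", "d", "e", "f")

def parse_openssl_version(banner):
    """'OpenSSL 1.0.1f 6 Jan 2014' -> (1, 0, 1, 'f'); None if unrecognised."""
    m = re.match(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)", banner)
    return None if not m else (int(m[1]), int(m[2]), int(m[3]), m[4])

def version_string_affected(banner):
    """True when the upstream version string is in the 1.0.1..1.0.1f range.
    Caveat: distributions often backport the fix without bumping this string
    (Debian and Ubuntu kept '1.0.1e'), so True means 'confirm with the scanner';
    False for 1.0.1g and later, or for the 1.0.0/0.9.8 lines, is reliable."""
    v = parse_openssl_version(banner)
    return v is not None and v[:3] == (1, 0, 1) and v[3] in AFFECTED_101_LETTERS

def certificate_reissued_after(not_before, remediated_at):
    """not_before is the notBefore field in ssl.getpeercert() form, e.g.
    'Apr 11 09:30:00 2014 GMT'. A key that was in memory while the bug was
    live must be replaced, so recovery step 2 stays open until this is True."""
    issued = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_before), tz=timezone.utc)
    return issued >= remediated_at

def outstanding_steps(report, remediated_at):
    """Return the advisory's recovery steps still open for one host:
    1 = patch, 2 = reissue the certificate. A scanner verdict (True/False)
    is authoritative; the version string is the fallback when it is None."""
    scanner = report["scanner_vulnerable"]
    if scanner is None:
        scanner = version_string_affected(report["openssl_version"])
    if scanner:
        return [1]  # patch first: a certificate issued to an unpatched host is exposed again
    if not certificate_reissued_after(report["cert_not_before"], remediated_at):
        return [2]
    return []

# Constructed sample inventory (hostnames, versions and dates are made up for this example).
REMEDIATED_AT = datetime(2014, 4, 10, tzinfo=timezone.utc)
SAMPLE_REPORTS = {
    "vpn.example.test": {"openssl_version": "OpenSSL 1.0.1f 6 Jan 2014", "scanner_vulnerable": True, "cert_not_before": "Jan 15 00:00:00 2014 GMT"},
    "www.example.test": {"openssl_version": "OpenSSL 1.0.1g 7 Apr 2014", "scanner_vulnerable": False, "cert_not_before": "Apr 11 09:30:00 2014 GMT"},
    "lb.example.test": {"openssl_version": "OpenSSL 1.0.1e 11 Feb 2013", "scanner_vulnerable": None, "cert_not_before": "Mar 13 00:00:00 2014 GMT"},
    "app.example.test": {"openssl_version": "OpenSSL 1.0.1e 11 Feb 2013", "scanner_vulnerable": False, "cert_not_before": "Mar 13 00:00:00 2014 GMT"},
}

def triage(reports=SAMPLE_REPORTS, remediated_at=REMEDIATED_AT):
    return {host: outstanding_steps(r, remediated_at) for host, r in reports.items()}
```

In the sample, `lb.example.test` is flagged for patching only because it has not been scanned yet and its version string falls in the affected range; a scanner run that comes back clean (as for `app.example.test`, a backported build) moves it on to the certificate check.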
If you have any further questions concerning the Heartbleed Open SSL Bug, PCI Data Security Standards, or CBIZ Security and Advisory Services, contact Brenda Brigman at email@example.com or (901) 685.5575.