Cloud Security Questioned After Heartbleed Bug

Security teams at many companies were still dealing with the aftermath of the NSA revelations from Snowden when they were hit with another huge blow this week. SSL, the encryption layer for the Internet, was found to have a major bug that would allow an attacker easy access to usernames, passwords, and encryption keys. “These allegations further question the security of all data crossing the Internet,” said Adrian Sanderball, Security Analyst at Actium Consulting.

A key question for many security professionals is whether encryption technology is secure, or even whether cloud security can ever be truly achieved. Encryption was seen as the ultimate tool for making sure data is secure when being transmitted online. Documents leaked by Edward Snowden show the NSA actively worked to undermine the effectiveness of encryption in order to make data more accessible for mass surveillance of Internet traffic.

Even encryption vendor RSA was brought into the mix when it was revealed the company may have received $10 million from the US government in exchange for inserting weaknesses into encryption technology the company sold to corporate and government clients worldwide. Now, Heartbleed is calling into question the SSL that is used to protect data as it’s transmitted between companies and websites.

One of the biggest barriers to large companies adopting on-demand SaaS applications is cloud security. Even with SSL, many companies feel that cloud services are not doing enough to encrypt data when it is stored in the application. Now that data being transferred to and from the cloud, and even the encryption keys themselves, are vulnerable, many security analysts are recommending that companies employ cloud encryption gateways to encrypt data on premises, behind the firewall, before uploading it to a cloud service.

By encrypting data and keeping control over the encryption keys, companies can ensure that even if there’s a breach or a third party accesses their data, that data can’t be read. That step, say experts, is what’s needed before the largest companies will have faith in cloud security.

Upload: tomascohencs

Post on 05-Aug-2015

