
Network Security, the Heartbleed Bug - Essay Example


Extract of sample "Network Security, the Heartbleed Bug"

The Heartbleed Bug

Introduction

The Heartbleed bug exists in a piece of open source software called OpenSSL (Secure Sockets Layer). OpenSSL is intended to act as a sort of secret handshake at the beginning of a secure conversation, encrypting communications between a user's computer and a web server. The Heartbleed bug was revealed in April 2014 in the OpenSSL cryptography library, a broadly used implementation of the Transport Layer Security (TLS) protocol. It was labeled Heartbleed because it stems from improper input validation in an extension to SSL (Secure Sockets Layer) that programmers named Heartbeat. This essay focuses on the increased concern over the effects of the Heartbleed bug on Internet security (Codenomicon, 2014).

This loophole allows the theft of information and data that, under normal settings, are protected by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides privacy and communication security for Internet applications such as the web, instant messaging (IM), email and virtual private networks (VPNs). The Heartbleed bug permits anyone on the Internet to read the memory of systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This permits hackers to eavesdrop on data, steal information directly from the services and users, and impersonate services and users (Codenomicon, 2014).

The Heartbleed bug is listed in the Common Vulnerabilities and Exposures system as CVE-2014-0160. CVE (Common Vulnerabilities and Exposures) is the standard for information security vulnerability names maintained by MITRE. The technical name, CVE-2014-0160, is named from the line of code in which the bug is contained. However, a secure version of OpenSSL was released on April 7, 2014, after the Heartbleed bug was publicly revealed.
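
The improper input validation in the Heartbeat extension comes down to one missing length comparison. The following added example, which is not code from this essay or from OpenSSL, shows that check on the Heartbeat message layout of RFC 6520 (one type byte, a two-byte payload length, the payload, at least 16 bytes of padding); the two-byte length field is why a single request can expose up to 64 kilobytes. The function names and the two sample records are hypothetical and constructed for illustration.

```c
/* Added illustration: names are hypothetical, not taken from OpenSSL. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3    /* 1-byte type + 2-byte payload length (RFC 6520) */
#define HB_MIN_PAD  16   /* minimum padding required by RFC 6520 */

/* Constructed samples, not captured traffic: both records are 24 bytes long. */
const uint8_t sample_honest[24]    = {HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
const uint8_t sample_overclaim[24] = {HB_REQUEST, 0xFF, 0xFF, 'h', 'e', 'l', 'l', 'o'};
uint8_t out_buf[64];

/* Bytes the sender claims beyond what the record holds (0 = consistent).
 * A non-zero value is worth logging: a well-behaved peer never produces it. */
size_t hb_excess(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER)
        return 0;
    size_t need = HB_HEADER + (((size_t)rec[1] << 8) | rec[2]) + HB_MIN_PAD;
    return need > rec_len ? need - rec_len : 0;
}

/* Echo a heartbeat request into out. Returns the response length, or 0 when
 * the message has to be silently discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    if (hb_excess(rec, rec_len) != 0)   /* the input validation that was missing */
        return 0;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    size_t resp_len = HB_HEADER + payload + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];                   /* echo the validated length */
    memcpy(out + HB_HEADER, rec + HB_HEADER, payload);  /* provably inside rec */
    memset(out + HB_HEADER + payload, 0, HB_MIN_PAD);   /* real stacks pad randomly */
    return resp_len;
}

int main(void) {
    printf("honest: %zu-byte response\n",
           hb_respond(sample_honest, sizeof sample_honest, out_buf, sizeof out_buf));
    printf("overclaim: %zu-byte response, %zu bytes over-claimed\n",
           hb_respond(sample_overclaim, sizeof sample_overclaim, out_buf, sizeof out_buf),
           hb_excess(sample_overclaim, sizeof sample_overclaim));
    return 0;
}
```
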
At the time, close to 17%, an estimated half a million, of the Internet's secure web servers certified by trusted authorities were believed to be exposed to the bug, permitting the theft of the servers' digital keys, which are used to encrypt data, and access to users' session cookies and passwords (BBC News, 2014). The loophole allows a hacker to gain access to up to 64 kilobytes of server memory. However, hackers can execute the attack repeatedly to access a substantial amount of information. Therefore, a hacker can gain access to users' cookies from web browsers and servers that keep track of personal login information such as passwords and usernames. This kind of information is critical, and its exposure puts data secured online at risk of falling into the wrong hands, since the hacker can easily log in to users' accounts through impersonation (BBC News, 2014).

According to the Electronic Frontier Foundation, repeating the attack over and over could yield more sensitive information, such as a website's private SSL key, which is used to encrypt traffic. With this key, someone could run a replica version of a website and use it to gain access to other classes of information, such as credit card numbers or private messages. Encryption is used to secure information that may damage individual privacy or security when exposed by hackers.

To coordinate recovery from the Heartbleed bug, the leaked information is categorized into four parts, namely: primary key material, secondary key material, protected content and collateral (Codenomicon, 2014). Leaked keys give the hacker the ability to decrypt both past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery from this sort of leak involves patching the vulnerability, revoking the compromised keys, and reissuing and redistributing new keys.
Even doing all this will still leave any traffic captured by the hackers in the past vulnerable to decryption (Codenomicon, 2014).

Secondary key material entails information such as the user credentials (user names and passwords) used in the vulnerable services. Recovery from this leak requires the users of the service first to restore trust in the service according to the steps described above. After this, owners can begin changing their passwords and possibly encryption keys according to the instructions from the users of the services that have been compromised. All session keys and session cookies should be invalidated and considered compromised (BBC News, 2014).

Protected content is the actual content handled by the vulnerable services. This might be personal information such as emails, financial details, instant messages or documents that are protected by encryption. Only users of the subscription will be able to estimate the likelihood of what has been exposed and alert their users accordingly. Most important is to restore trust in the primary and secondary key material. This is the only procedure that will enable secure use of the compromised services in the future.

Leaked collateral is the other details that have been exposed to the hackers in the leaked memory content. Leaked collateral contains technical details such as memory addresses and security measures. Security measures include canaries used to defend against overflow attacks. These have only present-day value and will lose their value to the hacker once OpenSSL has been upgraded to a secure version (Codenomicon, 2014).

Although the OpenSSL software is popular, there exist other SSL/TLS alternatives. Similarly, some websites use an earlier, unaffected version, and some of them did not enable the "heartbeat" feature that was central to the vulnerability.
While it does not solve the problem, what mitigates the potential risk is the use of Perfect Forward Secrecy (PFS). This is the practice of ensuring that encryption keys have a very limited shelf life and are not used for a long time. This means that if a hacker obtained an encryption key from a server's memory, the hacker would not be able to decrypt all protected traffic from that server, because keys have a limited shelf life. While some big companies such as Facebook and Google support PFS, not every company does (BBC News, 2014).

In conclusion, users should frequently change their login credentials such as passwords, and they need to make sure that they opt for something that does not point to their personal likes, for example a pet's name. Preferably, passwords should be words that do not appear in a dictionary, and may be a combination of numbers and words. Tools are now broadly available that will store and organize all of a user's credentials for apps, computers and networks. These applications and tools can create passwords and automatically enter the user's credentials into forms on websites. They keep users' credentials in an encrypted file that is accessible only through the use of a master password. Examples of such tools include KeePass, 1Password and LastPass (Codenomicon, 2014).

References

Codenomicon (2014, April 29). Heartbleed Bug. Retrieved 27 February 2015, from http://heartbleed.com/

Wakefield, J. (2014, April 10). Heartbleed: What you need to know. BBC News Technology. Retrieved 27 February 2015, from http://www.bbc.com/news/technology-26969629