SlideShare ist ein Scribd-Unternehmen logo

How To Protect Your Business From Heartbleed Bug?

•Als PPTX, PDF herunterladen•
•
Cloudways
Cloudways

If you have an online business and you use OpenSSL, then you should take these measures to protect your business from Heartbleed bug.

Technologie
1 von 10
HOW TO PROTECT YOUR ONLINE BUSINESS FROM HEARTBLEED BUG?
My Name is Pere Hospital  IT Security Expert & Cloud Specialist - CISSP, OSCP Certified.  Founder, Cloudways (Managed Cloud Hosting Platform)  Find me on Twitter: @Phospital
Why Heartbleed Bug is a Big Deal ? According to CNN:  Two thirds of the web sites and applications that allow you to do online banking or communicate privately through e- mail, voice, or instant messaging use OpenSSL to protect your communications.  That is why a bug in OpenSSL that can render the private information you are transmitting across the wire, visible to attackers. And this is a very big deal.
So, How to Protect Yourself From Heartbleed Bug? If you are focusing on WHAT TO DO about it (especially if you have an online business of any kind). This is an overview of what I would suggest. 5-Step Strategy
Step 1  Carefully assess what is the level of sensitivity of the data that you have been “protecting” via SSL. (Find out how many SSL certificates you have and where you are using them and to protect what).
Step 2  Consider that there may be sensitive information that you are outsourcing already (i.e. to payment providers). In this case, you will have to ask them, what they have done about this bug, and how they have protected the sensitive data they handle on your behalf.
Step 3  Once you have gathered the relevant information, you need to decide about taking any further actions.
Step 4  The very first thing you need to do is rebuild your defenses, so you need to re-issue your SSL certificates. Then, replace the old ones with the newly-issued certificates. Most importantly, you should revoke all the old certificates to ensure that no other (future) data can be intercepted.
Step 5  Finally, you need to assess which kind of sensitive information you were “protecting” via SSL and act accordingly (i.e. resetting user passwords, changing credentials in third party services—and the list continues).
Concluding Words…  As more information becomes available, other actions will have to be considered, but with what we know so far, above steps look like a sensible approach to me. Sincerely, Pere Hospital @phospital Also read: Cloudways’ comprehensive coverage on Heartbleed bug

Empfohlen

Developers Paradise 2016: Who are the Speakers?
Developers Paradise 2016: Who are the Speakers?Developers Paradise 2016: Who are the Speakers?
Developers Paradise 2016: Who are the Speakers?
Cloudways
 
20 WordPress Thought Leaders Tell Why to Attend WordCamps!
20 WordPress Thought Leaders Tell Why to Attend WordCamps!20 WordPress Thought Leaders Tell Why to Attend WordCamps!
20 WordPress Thought Leaders Tell Why to Attend WordCamps!
Cloudways
 
Don’t fear the Boilerplate – Magento with Bootstrap and Gulp
Don’t fear the Boilerplate – Magento with Bootstrap and GulpDon’t fear the Boilerplate – Magento with Bootstrap and Gulp
Don’t fear the Boilerplate – Magento with Bootstrap and Gulp
Tobias Hartmann
 
Generic Refund Policy Template for Physical Items
Generic Refund Policy Template for Physical ItemsGeneric Refund Policy Template for Physical Items
Generic Refund Policy Template for Physical Items
Cloudways
 
How to Get Clients for Your Agency
How to Get Clients for Your AgencyHow to Get Clients for Your Agency
How to Get Clients for Your Agency
Cloudways
 
Affiliate Marketing Mistakes to Avoid in 2020
Affiliate Marketing Mistakes to Avoid in 2020Affiliate Marketing Mistakes to Avoid in 2020
Affiliate Marketing Mistakes to Avoid in 2020
Cloudways
 
6 Ways to Determine Target Audience For Your Ecommerce Store
6 Ways to Determine Target Audience For Your Ecommerce Store6 Ways to Determine Target Audience For Your Ecommerce Store
6 Ways to Determine Target Audience For Your Ecommerce Store
Cloudways
 
Watch The Awesome Workplaces Of Some Great WordPress Influencers
Watch The Awesome Workplaces Of Some Great WordPress InfluencersWatch The Awesome Workplaces Of Some Great WordPress Influencers
Watch The Awesome Workplaces Of Some Great WordPress Influencers
Cloudways
 

Empfohlen

Developers Paradise 2016: Who are the Speakers?
Developers Paradise 2016: Who are the Speakers?Developers Paradise 2016: Who are the Speakers?
Developers Paradise 2016: Who are the Speakers?
Cloudways
 
20 WordPress Thought Leaders Tell Why to Attend WordCamps!
20 WordPress Thought Leaders Tell Why to Attend WordCamps!20 WordPress Thought Leaders Tell Why to Attend WordCamps!
20 WordPress Thought Leaders Tell Why to Attend WordCamps!
Cloudways
 
Don’t fear the Boilerplate – Magento with Bootstrap and Gulp
Don’t fear the Boilerplate – Magento with Bootstrap and GulpDon’t fear the Boilerplate – Magento with Bootstrap and Gulp
Don’t fear the Boilerplate – Magento with Bootstrap and Gulp
Tobias Hartmann
 
Generic Refund Policy Template for Physical Items
Generic Refund Policy Template for Physical ItemsGeneric Refund Policy Template for Physical Items
Generic Refund Policy Template for Physical Items
Cloudways
 
How to Get Clients for Your Agency
How to Get Clients for Your AgencyHow to Get Clients for Your Agency
How to Get Clients for Your Agency
Cloudways
 
Affiliate Marketing Mistakes to Avoid in 2020
Affiliate Marketing Mistakes to Avoid in 2020Affiliate Marketing Mistakes to Avoid in 2020
Affiliate Marketing Mistakes to Avoid in 2020
Cloudways
 
6 Ways to Determine Target Audience For Your Ecommerce Store
6 Ways to Determine Target Audience For Your Ecommerce Store6 Ways to Determine Target Audience For Your Ecommerce Store
6 Ways to Determine Target Audience For Your Ecommerce Store
Cloudways
 
Watch The Awesome Workplaces Of Some Great WordPress Influencers
Watch The Awesome Workplaces Of Some Great WordPress InfluencersWatch The Awesome Workplaces Of Some Great WordPress Influencers
Watch The Awesome Workplaces Of Some Great WordPress Influencers
Cloudways
 
How To Utilize Blogging For Marketing Your Startup
How To Utilize Blogging For Marketing Your StartupHow To Utilize Blogging For Marketing Your Startup
How To Utilize Blogging For Marketing Your Startup
Cloudways
 
This Is How We Disrupted The Cloud Hosting Industry In 2016
This Is How We Disrupted The Cloud Hosting Industry In 2016This Is How We Disrupted The Cloud Hosting Industry In 2016
This Is How We Disrupted The Cloud Hosting Industry In 2016
Cloudways
 
How PHP will fare in 2017
How PHP will fare in 2017How PHP will fare in 2017
How PHP will fare in 2017
Cloudways
 
Top Ecommerce Influencers on Twitter You Cannot Afford to Miss
Top Ecommerce Influencers on Twitter You Cannot Afford to MissTop Ecommerce Influencers on Twitter You Cannot Afford to Miss
Top Ecommerce Influencers on Twitter You Cannot Afford to Miss
Cloudways
 
Ecommerce Survival Checklist For This Holiday Season
Ecommerce Survival Checklist For This Holiday SeasonEcommerce Survival Checklist For This Holiday Season
Ecommerce Survival Checklist For This Holiday Season
Cloudways
 
A 30 Point Checklist For Your Startup
A 30 Point Checklist For Your StartupA 30 Point Checklist For Your Startup
A 30 Point Checklist For Your Startup
Cloudways
 
Learn What Ecommerce Experts Love About Magento 2
Learn What Ecommerce Experts Love About Magento 2Learn What Ecommerce Experts Love About Magento 2
Learn What Ecommerce Experts Love About Magento 2
Cloudways
 
How to setup tax rules in Woocommerce
How to setup tax rules in WoocommerceHow to setup tax rules in Woocommerce
How to setup tax rules in Woocommerce
Cloudways
 
How to Install Magento on Google Cloud Engine (GCE)
How to Install Magento on Google Cloud Engine (GCE)How to Install Magento on Google Cloud Engine (GCE)
How to Install Magento on Google Cloud Engine (GCE)
Cloudways
 
How to Host WordPress on Vultr
How to Host WordPress on VultrHow to Host WordPress on Vultr
How to Host WordPress on Vultr
Cloudways
 
How to host WordPress on Google Compute Engine
How to host WordPress on Google Compute EngineHow to host WordPress on Google Compute Engine
How to host WordPress on Google Compute Engine
Cloudways
 
An overview of upcoming features and improvements of PHP7
An overview of upcoming features and improvements of PHP7An overview of upcoming features and improvements of PHP7
An overview of upcoming features and improvements of PHP7
Cloudways
 
WordPress Security - What Community Thinks!
WordPress Security - What Community Thinks!WordPress Security - What Community Thinks!
WordPress Security - What Community Thinks!
Cloudways
 
WordPress Infographic: WordCamp Events In 2014 (May To July)
WordPress Infographic: WordCamp Events In 2014 (May To July)WordPress Infographic: WordCamp Events In 2014 (May To July)
WordPress Infographic: WordCamp Events In 2014 (May To July)
Cloudways
 
Cloud Hosting: 7 Tools That Help Forecast Cloud Services Bill
Cloud Hosting: 7 Tools That Help Forecast Cloud Services BillCloud Hosting: 7 Tools That Help Forecast Cloud Services Bill
Cloud Hosting: 7 Tools That Help Forecast Cloud Services Bill
Cloudways
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
WSO2
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
apidays
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
Christopher Logan Kennedy
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Edi Saputra
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Zilliz
 

Weitere ähnliche Inhalte

Mehr von Cloudways

Mehr von Cloudways (15)

How To Utilize Blogging For Marketing Your Startup
How To Utilize Blogging For Marketing Your StartupHow To Utilize Blogging For Marketing Your Startup
How To Utilize Blogging For Marketing Your Startup
 
This Is How We Disrupted The Cloud Hosting Industry In 2016
This Is How We Disrupted The Cloud Hosting Industry In 2016This Is How We Disrupted The Cloud Hosting Industry In 2016
This Is How We Disrupted The Cloud Hosting Industry In 2016
 
How PHP will fare in 2017
How PHP will fare in 2017How PHP will fare in 2017
How PHP will fare in 2017
 
Top Ecommerce Influencers on Twitter You Cannot Afford to Miss
Top Ecommerce Influencers on Twitter You Cannot Afford to MissTop Ecommerce Influencers on Twitter You Cannot Afford to Miss
Top Ecommerce Influencers on Twitter You Cannot Afford to Miss
 
Ecommerce Survival Checklist For This Holiday Season
Ecommerce Survival Checklist For This Holiday SeasonEcommerce Survival Checklist For This Holiday Season
Ecommerce Survival Checklist For This Holiday Season
 
A 30 Point Checklist For Your Startup
A 30 Point Checklist For Your StartupA 30 Point Checklist For Your Startup
A 30 Point Checklist For Your Startup
 
Learn What Ecommerce Experts Love About Magento 2
Learn What Ecommerce Experts Love About Magento 2Learn What Ecommerce Experts Love About Magento 2
Learn What Ecommerce Experts Love About Magento 2
 
How to setup tax rules in Woocommerce
How to setup tax rules in WoocommerceHow to setup tax rules in Woocommerce
How to setup tax rules in Woocommerce
 
How to Install Magento on Google Cloud Engine (GCE)
How to Install Magento on Google Cloud Engine (GCE)How to Install Magento on Google Cloud Engine (GCE)
How to Install Magento on Google Cloud Engine (GCE)
 
How to Host WordPress on Vultr
How to Host WordPress on VultrHow to Host WordPress on Vultr
How to Host WordPress on Vultr
 
How to host WordPress on Google Compute Engine
How to host WordPress on Google Compute EngineHow to host WordPress on Google Compute Engine
How to host WordPress on Google Compute Engine
 
An overview of upcoming features and improvements of PHP7
An overview of upcoming features and improvements of PHP7An overview of upcoming features and improvements of PHP7
An overview of upcoming features and improvements of PHP7
 
WordPress Security - What Community Thinks!
WordPress Security - What Community Thinks!WordPress Security - What Community Thinks!
WordPress Security - What Community Thinks!
 
WordPress Infographic: WordCamp Events In 2014 (May To July)
WordPress Infographic: WordCamp Events In 2014 (May To July)WordPress Infographic: WordCamp Events In 2014 (May To July)
WordPress Infographic: WordCamp Events In 2014 (May To July)
 
Cloud Hosting: 7 Tools That Help Forecast Cloud Services Bill
Cloud Hosting: 7 Tools That Help Forecast Cloud Services BillCloud Hosting: 7 Tools That Help Forecast Cloud Services Bill
Cloud Hosting: 7 Tools That Help Forecast Cloud Services Bill
 

KĂźrzlich hochgeladen

Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
Christopher Logan Kennedy
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

KĂźrzlich hochgeladen (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 

How To Protect Your Business From Heartbleed Bug?

  • 1. HOW TO PROTECT YOUR ONLINE BUSINESS FROM HEARTBLEED BUG?
  • 2. My Name is Pere Hospital  IT Security Expert & Cloud Specialist - CISSP, OSCP Certified.  Founder, Cloudways (Managed Cloud Hosting Platform)  Find me on Twitter: @Phospital
  • 3. Why Heartbleed Bug is a Big Deal ? According to CNN:  Two thirds of the web sites and applications that allow you to do online banking or communicate privately through e- mail, voice, or instant messaging use OpenSSL to protect your communications.  That is why a bug in OpenSSL that can render the private information you are transmitting across the wire, visible to attackers. And this is a very big deal.
  • 4. So, How to Protect Yourself From Heartbleed Bug? If you are focusing on WHAT TO DO about it (especially if you have an online business of any kind). This is an overview of what I would suggest. 5-Step Strategy
  • 5. Step 1  Carefully assess what is the level of sensitivity of the data that you have been “protecting” via SSL. (Find out how many SSL certificates you have and where you are using them and to protect what).
  • 6. Step 2  Consider that there may be sensitive information that you are outsourcing already (i.e. to payment providers). In this case, you will have to ask them, what they have done about this bug, and how they have protected the sensitive data they handle on your behalf.
  • 7. Step 3  Once you have gathered the relevant information, you need to decide about taking any further actions.
  • 8. Step 4  The very first thing you need to do is rebuild your defenses, so you need to re-issue your SSL certificates. Then, replace the old ones with the newly-issued certificates. Most importantly, you should revoke all the old certificates to ensure that no other (future) data can be intercepted.
  • 9. Step 5  Finally, you need to assess which kind of sensitive information you were “protecting” via SSL and act accordingly (i.e. resetting user passwords, changing credentials in third party services—and the list continues).
  • 10. Concluding Words…  As more information becomes available, other actions will have to be considered, but with what we know so far, above steps look like a sensible approach to me. Sincerely, Pere Hospital @phospital Also read: Cloudways’ comprehensive coverage on Heartbleed bug