Solved

Barracuda SSLVPN Heartbleed Vulnerability

Posted on 2014-04-11
Last Modified: 2014-04-29
Does anyone have documentation that states that this device is NOT vulnerable? Barracuda support told me it was not. When I asked for documentation, they sent a "chat" conversation where they said it was not vulnerable. The model number is 180.

Thanks in advance!
0
Question by:sfjcpu
6 Comments
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39995900
Testing is a good idea - it might not even run OpenSSL. Here is a handy testing tool:

https://www.ssllabs.com/ssltest/

And you might want to consider installing one of the Firefox or Chrome plugins that give realtime display of the "heartbleed" bug whenever you visit a secure server.
0
 
LVL 12

Expert Comment

by:Carlo-Giuliani
ID: 39996248
Use this popular site to test your SSLVPN appliance: http://filippo.io/Heartbleed/ 

I tested ours and found it was not vulnerable.  Which means Barracuda does not use OpenSSL, I suppose.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 1000 total points
ID: 39996332
The SSL Labs one is more comprehensive, Carlo - instead of just testing for one thing, it gives you an assessment of overall security (including Heartbleed), and tells you which platform is being used (which is useful when determining the impact of the bug).
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1000 total points
ID: 39996503
0
 
LVL 12

Expert Comment

by:Carlo-Giuliani
ID: 39996539
I did run the SSLLABs on our Barracuda SSLVPN as well.  That was also negative.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39996553
Did it specify which engine responded, Carlo?
A lot of SSL VPN engines use Tomcat (aka Coyote), which uses Java crypto libraries, not OpenSSL.
0
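The "which engine responded" check from the last comment, as an added example that is not part of the original thread: it reads the `Server` banner from a saved HTTP response and classifies it for Heartbleed triage. The function names, result labels and sample responses are constructed for illustration.

```python
import re

# Heartbleed (CVE-2014-0160) affects OpenSSL 1.0.1 through 1.0.1f and the
# 1.0.2-beta1 pre-release; 1.0.1g, 1.0.0 and 0.9.8 are not affected.
_OPENSSL = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)(-beta1\b)?", re.I)
_AFFECTED_LETTERS = {"", "a", "b", "c", "d", "e", "f"}


def server_banner(raw_response):
    """Return the Server header value from a raw HTTP response, or ''."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return ""


def classify(banner):
    """Classify a Server banner; the labels are this example's own."""
    m = _OPENSSL.search(banner)
    if m:
        version = tuple(int(x) for x in m.group(1, 2, 3))
        letters = m.group(4).lower()
        if version == (1, 0, 1) and letters in _AFFECTED_LETTERS:
            return "openssl-affected-version"
        if version == (1, 0, 2) and m.group(5):
            return "openssl-affected-version"
        return "openssl-unaffected-version"
    if "coyote" in banner.lower():
        # Tomcat's HTTP connector. Usually Java TLS (JSSE), but Tomcat can
        # also run the APR/native connector, which links OpenSSL, and a
        # banner can be altered: record this as evidence, not proof.
        return "tomcat-coyote"
    return "unknown"


# Constructed sample responses (not captured from any real device).
SAMPLES = {
    "coyote": "HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\n\r\n",
    "old": "HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Unix) OpenSSL/1.0.1e\r\n\r\n",
    "fixed": "HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Unix) OpenSSL/1.0.1g\r\n\r\n",
    "hidden": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(server_banner(raw)))
```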
