SlideShare una empresa de Scribd logo

How To Protect Your Business From Heartbleed Bug?

Descargar como PPTX, PDF
Cloudways
Cloudways

If you have an online business and you use OpenSSL, then you should take these measures to protect your business from Heartbleed bug.

Tecnología
1 de 10
HOW TO PROTECT YOUR ONLINE BUSINESS FROM HEARTBLEED BUG?
My Name is Pere Hospital  IT Security Expert & Cloud Specialist - CISSP, OSCP Certified.  Founder, Cloudways (Managed Cloud Hosting Platform)  Find me on Twitter: @Phospital
Why Heartbleed Bug is a Big Deal ? According to CNN:  Two thirds of the web sites and applications that allow you to do online banking or communicate privately through e- mail, voice, or instant messaging use OpenSSL to protect your communications.  That is why a bug in OpenSSL that can render the private information you are transmitting across the wire, visible to attackers. And this is a very big deal.
So, How to Protect Yourself From Heartbleed Bug? If you are focusing on WHAT TO DO about it (especially if you have an online business of any kind). This is an overview of what I would suggest. 5-Step Strategy
Step 1  Carefully assess what is the level of sensitivity of the data that you have been “protecting” via SSL. (Find out how many SSL certificates you have and where you are using them and to protect what).
Step 2  Consider that there may be sensitive information that you are outsourcing already (i.e. to payment providers). In this case, you will have to ask them, what they have done about this bug, and how they have protected the sensitive data they handle on your behalf.
Step 3  Once you have gathered the relevant information, you need to decide about taking any further actions.
Step 4  The very first thing you need to do is rebuild your defenses, so you need to re-issue your SSL certificates. Then, replace the old ones with the newly-issued certificates. Most importantly, you should revoke all the old certificates to ensure that no other (future) data can be intercepted.
Step 5  Finally, you need to assess which kind of sensitive information you were “protecting” via SSL and act accordingly (i.e. resetting user passwords, changing credentials in third party services—and the list continues).
Concluding Words…  As more information becomes available, other actions will have to be considered, but with what we know so far, above steps look like a sensible approach to me. Sincerely, Pere Hospital @phospital Also read: Cloudways’ comprehensive coverage on Heartbleed bug

Recomendados

Developers Paradise 2016: Who are the Speakers?
Developers Paradise 2016: Who are the Speakers?Developers Paradise 2016: Who are the Speakers?
Developers Paradise 2016: Who are the Speakers?
Cloudways
 
20 WordPress Thought Leaders Tell Why to Attend WordCamps!
20 WordPress Thought Leaders Tell Why to Attend WordCamps!20 WordPress Thought Leaders Tell Why to Attend WordCamps!
20 WordPress Thought Leaders Tell Why to Attend WordCamps!
Cloudways
 
Don’t fear the Boilerplate – Magento with Bootstrap and Gulp
Don’t fear the Boilerplate – Magento with Bootstrap and GulpDon’t fear the Boilerplate – Magento with Bootstrap and Gulp
Don’t fear the Boilerplate – Magento with Bootstrap and Gulp
Tobias Hartmann
 
Generic Refund Policy Template for Physical Items
Generic Refund Policy Template for Physical ItemsGeneric Refund Policy Template for Physical Items
Generic Refund Policy Template for Physical Items
Cloudways
 
How to Get Clients for Your Agency
How to Get Clients for Your AgencyHow to Get Clients for Your Agency
How to Get Clients for Your Agency
Cloudways
 
Affiliate Marketing Mistakes to Avoid in 2020
Affiliate Marketing Mistakes to Avoid in 2020Affiliate Marketing Mistakes to Avoid in 2020
Affiliate Marketing Mistakes to Avoid in 2020
Cloudways
 
6 Ways to Determine Target Audience For Your Ecommerce Store
6 Ways to Determine Target Audience For Your Ecommerce Store6 Ways to Determine Target Audience For Your Ecommerce Store
6 Ways to Determine Target Audience For Your Ecommerce Store
Cloudways
 
Watch The Awesome Workplaces Of Some Great WordPress Influencers
Watch The Awesome Workplaces Of Some Great WordPress InfluencersWatch The Awesome Workplaces Of Some Great WordPress Influencers
Watch The Awesome Workplaces Of Some Great WordPress Influencers
Cloudways
 

Recomendados

Developers Paradise 2016: Who are the Speakers?
Developers Paradise 2016: Who are the Speakers?Developers Paradise 2016: Who are the Speakers?
Developers Paradise 2016: Who are the Speakers?
Cloudways
 
20 WordPress Thought Leaders Tell Why to Attend WordCamps!
20 WordPress Thought Leaders Tell Why to Attend WordCamps!20 WordPress Thought Leaders Tell Why to Attend WordCamps!
20 WordPress Thought Leaders Tell Why to Attend WordCamps!
Cloudways
 
Don’t fear the Boilerplate – Magento with Bootstrap and Gulp
Don’t fear the Boilerplate – Magento with Bootstrap and GulpDon’t fear the Boilerplate – Magento with Bootstrap and Gulp
Don’t fear the Boilerplate – Magento with Bootstrap and Gulp
Tobias Hartmann
 
Generic Refund Policy Template for Physical Items
Generic Refund Policy Template for Physical ItemsGeneric Refund Policy Template for Physical Items
Generic Refund Policy Template for Physical Items
Cloudways
 
How to Get Clients for Your Agency
How to Get Clients for Your AgencyHow to Get Clients for Your Agency
How to Get Clients for Your Agency
Cloudways
 
Affiliate Marketing Mistakes to Avoid in 2020
Affiliate Marketing Mistakes to Avoid in 2020Affiliate Marketing Mistakes to Avoid in 2020
Affiliate Marketing Mistakes to Avoid in 2020
Cloudways
 
6 Ways to Determine Target Audience For Your Ecommerce Store
6 Ways to Determine Target Audience For Your Ecommerce Store6 Ways to Determine Target Audience For Your Ecommerce Store
6 Ways to Determine Target Audience For Your Ecommerce Store
Cloudways
 
Watch The Awesome Workplaces Of Some Great WordPress Influencers
Watch The Awesome Workplaces Of Some Great WordPress InfluencersWatch The Awesome Workplaces Of Some Great WordPress Influencers
Watch The Awesome Workplaces Of Some Great WordPress Influencers
Cloudways
 
How To Utilize Blogging For Marketing Your Startup
How To Utilize Blogging For Marketing Your StartupHow To Utilize Blogging For Marketing Your Startup
How To Utilize Blogging For Marketing Your Startup
Cloudways
 
This Is How We Disrupted The Cloud Hosting Industry In 2016
This Is How We Disrupted The Cloud Hosting Industry In 2016This Is How We Disrupted The Cloud Hosting Industry In 2016
This Is How We Disrupted The Cloud Hosting Industry In 2016
Cloudways
 
How PHP will fare in 2017
How PHP will fare in 2017How PHP will fare in 2017
How PHP will fare in 2017
Cloudways
 
Top Ecommerce Influencers on Twitter You Cannot Afford to Miss
Top Ecommerce Influencers on Twitter You Cannot Afford to MissTop Ecommerce Influencers on Twitter You Cannot Afford to Miss
Top Ecommerce Influencers on Twitter You Cannot Afford to Miss
Cloudways
 
Ecommerce Survival Checklist For This Holiday Season
Ecommerce Survival Checklist For This Holiday SeasonEcommerce Survival Checklist For This Holiday Season
Ecommerce Survival Checklist For This Holiday Season
Cloudways
 
A 30 Point Checklist For Your Startup
A 30 Point Checklist For Your StartupA 30 Point Checklist For Your Startup
A 30 Point Checklist For Your Startup
Cloudways
 
Learn What Ecommerce Experts Love About Magento 2
Learn What Ecommerce Experts Love About Magento 2Learn What Ecommerce Experts Love About Magento 2
Learn What Ecommerce Experts Love About Magento 2
Cloudways
 
How to setup tax rules in Woocommerce
How to setup tax rules in WoocommerceHow to setup tax rules in Woocommerce
How to setup tax rules in Woocommerce
Cloudways
 
How to Install Magento on Google Cloud Engine (GCE)
How to Install Magento on Google Cloud Engine (GCE)How to Install Magento on Google Cloud Engine (GCE)
How to Install Magento on Google Cloud Engine (GCE)
Cloudways
 
How to Host WordPress on Vultr
How to Host WordPress on VultrHow to Host WordPress on Vultr
How to Host WordPress on Vultr
Cloudways
 
How to host WordPress on Google Compute Engine
How to host WordPress on Google Compute EngineHow to host WordPress on Google Compute Engine
How to host WordPress on Google Compute Engine
Cloudways
 
An overview of upcoming features and improvements of PHP7
An overview of upcoming features and improvements of PHP7An overview of upcoming features and improvements of PHP7
An overview of upcoming features and improvements of PHP7
Cloudways
 
WordPress Security - What Community Thinks!
WordPress Security - What Community Thinks!WordPress Security - What Community Thinks!
WordPress Security - What Community Thinks!
Cloudways
 
WordPress Infographic: WordCamp Events In 2014 (May To July)
WordPress Infographic: WordCamp Events In 2014 (May To July)WordPress Infographic: WordCamp Events In 2014 (May To July)
WordPress Infographic: WordCamp Events In 2014 (May To July)
Cloudways
 
Cloud Hosting: 7 Tools That Help Forecast Cloud Services Bill
Cloud Hosting: 7 Tools That Help Forecast Cloud Services BillCloud Hosting: 7 Tools That Help Forecast Cloud Services Bill
Cloud Hosting: 7 Tools That Help Forecast Cloud Services Bill
Cloudways
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
中 央社
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
Memoori
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
Paolo Missier
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Paige Cruz
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
FIDO Alliance
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
Samir Dash
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
BrainSell Technologies
 

Más contenido relacionado

Más de Cloudways

Más de Cloudways (15)

How To Utilize Blogging For Marketing Your Startup
How To Utilize Blogging For Marketing Your StartupHow To Utilize Blogging For Marketing Your Startup
How To Utilize Blogging For Marketing Your Startup
 
This Is How We Disrupted The Cloud Hosting Industry In 2016
This Is How We Disrupted The Cloud Hosting Industry In 2016This Is How We Disrupted The Cloud Hosting Industry In 2016
This Is How We Disrupted The Cloud Hosting Industry In 2016
 
How PHP will fare in 2017
How PHP will fare in 2017How PHP will fare in 2017
How PHP will fare in 2017
 
Top Ecommerce Influencers on Twitter You Cannot Afford to Miss
Top Ecommerce Influencers on Twitter You Cannot Afford to MissTop Ecommerce Influencers on Twitter You Cannot Afford to Miss
Top Ecommerce Influencers on Twitter You Cannot Afford to Miss
 
Ecommerce Survival Checklist For This Holiday Season
Ecommerce Survival Checklist For This Holiday SeasonEcommerce Survival Checklist For This Holiday Season
Ecommerce Survival Checklist For This Holiday Season
 
A 30 Point Checklist For Your Startup
A 30 Point Checklist For Your StartupA 30 Point Checklist For Your Startup
A 30 Point Checklist For Your Startup
 
Learn What Ecommerce Experts Love About Magento 2
Learn What Ecommerce Experts Love About Magento 2Learn What Ecommerce Experts Love About Magento 2
Learn What Ecommerce Experts Love About Magento 2
 
How to setup tax rules in Woocommerce
How to setup tax rules in WoocommerceHow to setup tax rules in Woocommerce
How to setup tax rules in Woocommerce
 
How to Install Magento on Google Cloud Engine (GCE)
How to Install Magento on Google Cloud Engine (GCE)How to Install Magento on Google Cloud Engine (GCE)
How to Install Magento on Google Cloud Engine (GCE)
 
How to Host WordPress on Vultr
How to Host WordPress on VultrHow to Host WordPress on Vultr
How to Host WordPress on Vultr
 
How to host WordPress on Google Compute Engine
How to host WordPress on Google Compute EngineHow to host WordPress on Google Compute Engine
How to host WordPress on Google Compute Engine
 
An overview of upcoming features and improvements of PHP7
An overview of upcoming features and improvements of PHP7An overview of upcoming features and improvements of PHP7
An overview of upcoming features and improvements of PHP7
 
WordPress Security - What Community Thinks!
WordPress Security - What Community Thinks!WordPress Security - What Community Thinks!
WordPress Security - What Community Thinks!
 
WordPress Infographic: WordCamp Events In 2014 (May To July)
WordPress Infographic: WordCamp Events In 2014 (May To July)WordPress Infographic: WordCamp Events In 2014 (May To July)
WordPress Infographic: WordCamp Events In 2014 (May To July)
 
Cloud Hosting: 7 Tools That Help Forecast Cloud Services Bill
Cloud Hosting: 7 Tools That Help Forecast Cloud Services BillCloud Hosting: 7 Tools That Help Forecast Cloud Services Bill
Cloud Hosting: 7 Tools That Help Forecast Cloud Services Bill
 

Último

Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Paige Cruz
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Skynet Technologies
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
Muhammad Subhan
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
Wonjun Hwang
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
Srushith Repakula
 

Último (20)

Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Navigating the Large Language Model choices_Ravi Daparthi
Navigating the Large Language Model choices_Ravi DaparthiNavigating the Large Language Model choices_Ravi Daparthi
Navigating the Large Language Model choices_Ravi Daparthi
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 

How To Protect Your Business From Heartbleed Bug?

  • 1. HOW TO PROTECT YOUR ONLINE BUSINESS FROM HEARTBLEED BUG?
  • 2. My Name is Pere Hospital  IT Security Expert & Cloud Specialist - CISSP, OSCP Certified.  Founder, Cloudways (Managed Cloud Hosting Platform)  Find me on Twitter: @Phospital
  • 3. Why Heartbleed Bug is a Big Deal ? According to CNN:  Two thirds of the web sites and applications that allow you to do online banking or communicate privately through e- mail, voice, or instant messaging use OpenSSL to protect your communications.  That is why a bug in OpenSSL that can render the private information you are transmitting across the wire, visible to attackers. And this is a very big deal.
  • 4. So, How to Protect Yourself From Heartbleed Bug? If you are focusing on WHAT TO DO about it (especially if you have an online business of any kind). This is an overview of what I would suggest. 5-Step Strategy
  • 5. Step 1  Carefully assess what is the level of sensitivity of the data that you have been “protecting” via SSL. (Find out how many SSL certificates you have and where you are using them and to protect what).
  • 6. Step 2  Consider that there may be sensitive information that you are outsourcing already (i.e. to payment providers). In this case, you will have to ask them, what they have done about this bug, and how they have protected the sensitive data they handle on your behalf.
  • 7. Step 3  Once you have gathered the relevant information, you need to decide about taking any further actions.
  • 8. Step 4  The very first thing you need to do is rebuild your defenses, so you need to re-issue your SSL certificates. Then, replace the old ones with the newly-issued certificates. Most importantly, you should revoke all the old certificates to ensure that no other (future) data can be intercepted.
  • 9. Step 5  Finally, you need to assess which kind of sensitive information you were “protecting” via SSL and act accordingly (i.e. resetting user passwords, changing credentials in third party services—and the list continues).
  • 10. Concluding Words…  As more information becomes available, other actions will have to be considered, but with what we know so far, above steps look like a sensible approach to me. Sincerely, Pere Hospital @phospital Also read: Cloudways’ comprehensive coverage on Heartbleed bug