Gunnar Assmy - Fotolia

Gunnar Assmy - Fotolia

Q

Protect vulnerable routers from the wireless Heartbleed flaw

  • 0
by:
Kevin Beaver
Principle Logic, LLC

Cupid, a spinoff of the Heartbleed flaw is attacking vulnerable routers and stealing sensitive data. Kevin Beaver discusses how to defend against the threat.

This Article Covers

Network Firewalls, Routers and Switches

RELATED TOPICS

Looking for something else?

+ Show More

I read about a new exploit that makes it easy for attackers to use Heartbleed against wireless networks and the devices connecting to them. What is the best way to prevent sensitive data from being taken from vulnerable routers?

Heartbleed is a serious flaw and apparently 97% of Global 2000 companies are still vulnerable. While I don't think it's the most critical flaw to ever hit the Web like some believe, it certainly needs attention. The flaw not only affects corporate wireless networks but also the home networks that most corporate environments extend to. In effect, Cupid -- a spawn of the Heartbleed flaw -- is using wireless networks to expand the attack surface of every corporate environment.

To protect against these attacks, you need to be like one of the 3% of the Global 2000 companies, which requires these three things:

  1. Knowing your network, specifically the wireless systems you have under your control.
  2. Understanding how these wireless systems are vulnerable to Heartbleed/Cupid exploits.
  3. Doing something about it -- which means patching, revoking the affected SSL certificates and changing your private keys. You may need to replace the affected systems altogether.

Beyond this, you're going to be hard-pressed to fix the problem with any other access points your users connect to unless all systems are updated across the board. The truth of the matter is you can't control the wireless networks your users connect to all the time. The best you can do is ensure personal firewall/intrusion prevention system software use, update malware protection, maintain current patches and other security basics.

On a related note, be sure to disable Wi-Fi Protected Setup (WPS) on your consumer-grade access points. A great tool called Reaver Pro can exploit a known flaw in WPS that allows for PIN cracking to obtain your WPA pre-shared key, easy as pie.

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Ask the Expert!
Want to ask Kevin Beaver a question about network security? Submit your question now via email! (All questions are anonymous.)

Next Steps

Learn more about Heartbleed's incident response lessons.

Gain further insight into open source security following the Heartbleed flaw.

This was first published in September 2014

Dig deeper on Network Firewalls, Routers and Switches

Related Q&A from Kevin Beaver, Network Security

What's the best way to secure Wi-Fi access for mobile employees?

Employees who work on-the-go rely on Wi-Fi access to get work done, but are those connections secure? Expert Kevin Beaver explains how to achieve ...continue reading

Is the Pwn Phone an effective enterprise security testing tool?

The Pwn Phone can reportedly detect network vulnerabilities instantly, but its use in the enterprise is questionable. Kevin Beaver explains.continue reading

Adding the age of networking devices into a security risk assessment

Recent data shows that more than 50% of all networking devices are aging or obsolete and pose a security risk to the enterprise. Expert Kevin Beaver ...continue reading

Have a question for an expert?

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Meet all of our Information Security experts

View all Information Security questions and answers

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close