Timeline for patching SSL vulnerability (Heartbleed Bug)

Heartbleed Bug (CVE-2014-0160)

Hi

Is there any timeframe for patching this SSL/TLS bug for Astaro Security Gateway V8?
We are on the latest 8.311 (as V8 is an approved appliance for us and V9 is not).

Thanks


Heartbleed Bug
https://news.ycombinator.com/item?id=7548991


This thread was automatically locked due to age.
  • My clients all have been advised to use a different port on UDP for the SSL VPN and a different port for the User Portal.  Are those that have taken this advice still exposed there?   I don't see any way to avoid turning off any Virtual Server definitions that use SSL.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I don't believe changing ports will help you.  All an attacker need do is a portscan (slow one to avoid portscan detection, mind you)... that said, using an alternate port would slow them down -- the problem is many of my customers use the SSL VPN on TCP 443 because that's the best way to get through some of the hotel firewalls "out in the world."

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.