Six key defenses against Shellshock attacks

Antone Gonsalves | Oct. 1, 2014
Experts from the SANS Institute offer advice on defending against Shellshock attacks.

Because of the many variations of Linux, SANS recommends recompiling the patch source code on a test system configured identically to the target machine, to avoid causing problems for software running on the target.

"If you misapply a patch on the wrong (operating system) kernel, you could break something," Henry said. "My personal preference is to compile on the machine that I'm going to be trying to patch Bash."

--Monitor system logs. Companies need to step up monitoring of server logs to catch anomalies pointing to exploitation attempts or successes. In particular, companies should monitor for outbound pings and outbound Internet relay chat (IRC) and HTTP connections.

"Those are the big ones right now," Ullrich said.

Companies should be "very cautious" with outbound traffic from an internal server, Henry said. "Normally, a server is going to respond to a query, but the server should not be initiating a new connection by itself to the Internet."
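The monitoring advice above can be turned into a simple log check. The following is an added example, not code from the article or from SANS: it scans constructed, abbreviated iptables-LOG-style lines and flags only connections that a server itself initiates to the Internet (echo requests, and TCP SYNs to IRC or HTTP ports). The subnets, port lists and log lines are assumptions chosen for illustration.

```python
import ipaddress
import re

# Assumptions for this example: address ranges and port lists are site-specific.
SERVER_NET = ipaddress.ip_network("10.0.5.0/24")    # servers being watched
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # anything else is "Internet"
IRC_PORTS = {6667, 6697}
HTTP_PORTS = {80, 8080}
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed iptables-LOG-style lines; destinations use documentation ranges.
SAMPLE_LOG = """\
Oct  1 10:02:11 web01 kernel: IN= OUT=eth0 SRC=10.0.5.20 DST=203.0.113.9 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=4412 SEQ=1
Oct  1 10:02:15 web01 kernel: IN= OUT=eth0 SRC=10.0.5.20 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=41822 DPT=6667 SYN URGP=0
Oct  1 10:02:16 web01 kernel: IN= OUT=eth0 SRC=10.0.5.20 DST=192.0.2.44 LEN=60 PROTO=TCP SPT=80 DPT=51812 ACK SYN URGP=0
Oct  1 10:02:19 web01 kernel: IN= OUT=eth0 SRC=10.0.5.20 DST=192.0.2.80 LEN=60 PROTO=TCP SPT=41830 DPT=80 SYN URGP=0
Oct  1 10:02:23 web01 kernel: IN= OUT=eth0 SRC=10.0.5.20 DST=10.0.9.3 LEN=60 PROTO=TCP SPT=41836 DPT=80 SYN URGP=0
Oct  1 10:02:30 web01 kernel: IN= OUT=eth0 SRC=10.0.5.20 DST=192.0.2.44 LEN=84 PROTO=ICMP TYPE=0 CODE=0 ID=77 SEQ=1
"""


def classify(line):
    """Return (src, dst, reason) for a server-initiated Internet connection, else None."""
    fields = dict(FIELD.findall(line))
    try:
        src = ipaddress.ip_address(fields["SRC"])
        dst = ipaddress.ip_address(fields["DST"])
    except (KeyError, ValueError):
        return None  # not a packet log line we understand
    if src not in SERVER_NET or dst in INTERNAL_NET:
        return None
    proto, flags = fields.get("PROTO"), set(line.split())
    if proto == "ICMP" and fields.get("TYPE") == "8":
        return (str(src), str(dst), "outbound ping")  # echo request, not a reply
    # SYN without ACK = the server is opening the connection, not answering one.
    if proto == "TCP" and "SYN" in flags and "ACK" not in flags and fields.get("DPT", "").isdigit():
        dport = int(fields["DPT"])
        if dport in IRC_PORTS:
            return (str(src), str(dst), "outbound IRC")
        if dport in HTTP_PORTS:
            return (str(src), str(dst), "outbound HTTP")
    return None


def find_outbound(log_text):
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for src, dst, reason in find_outbound(SAMPLE_LOG):
        print(f"ALERT {reason}: {src} -> {dst}")
```

The SYN-ACK reply from port 80 and the echo reply are ignored because they are responses to queries, which is the normal server behaviour Henry describes.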

--Check IoT devices. Companies that use Internet of Things (IoT) devices, which include DVRs, VoIP phones and consumer-off-the-shelf (COT) hardware, such as modems, routers and video cameras, should ask the respective vendors whether their products are vulnerable. Affected hardware that won't get patched should be replaced.

Fortunately, very few IoT devices use Bash. The majority instead run a set of tools called BusyBox.

"There's a huge population of vulnerable devices, but only a few of them are exposed and exploitable," Ullrich said.
