CloudFlare - The Heartbleed Bug - Webinar
Click here to load reader
-
Upload
cloudflare -
Category
Technology
-
view
459 -
download
4
description
Transcript of CloudFlare - The Heartbleed Bug - Webinar
![Page 1: CloudFlare - The Heartbleed Bug - Webinar](https://reader038.fdocuments.us/reader038/viewer/2022100517/554be6a4b4c9056b348b4b18/html5/thumbnails/1.jpg)
The Heartbleed bug: what is it and how to protect your site?
Elenitsa Staykova Marketing, CloudFlare Nick Sullivan Systems Engineer, CloudFlare Ben Murphy Software Developer, Fonix
1
![Page 2: CloudFlare - The Heartbleed Bug - Webinar](https://reader038.fdocuments.us/reader038/viewer/2022100517/554be6a4b4c9056b348b4b18/html5/thumbnails/2.jpg)
Our Program Today
Elenitsa Staykova – Introduction and Overview Nick Sullivan – What is Heartbleed? How to protect your site? Ben Murphy – Q&A on the CloudFlare Heartbleed challenge
2
![Page 3: CloudFlare - The Heartbleed Bug - Webinar](https://reader038.fdocuments.us/reader038/viewer/2022100517/554be6a4b4c9056b348b4b18/html5/thumbnails/3.jpg)
CloudFlare At a Glance
Security ü DDoS mitigation ü WAF ü SSL ü Basic security
Performance ü Static content caching ü Dynamic content acceleration ü Front end optimization ü Rocket Loader, Mirage, Polish
More ü DNS ü Availability ü Load balancing ü Client intelligence ü Reporting and insights
3
![Page 4: CloudFlare - The Heartbleed Bug - Webinar](https://reader038.fdocuments.us/reader038/viewer/2022100517/554be6a4b4c9056b348b4b18/html5/thumbnails/4.jpg)
Our Global Network
4
![Page 5: CloudFlare - The Heartbleed Bug - Webinar](https://reader038.fdocuments.us/reader038/viewer/2022100517/554be6a4b4c9056b348b4b18/html5/thumbnails/5.jpg)
The Heartbleed bug
² What is the Heartbleed bug? ² Open source software OpenSSL ² Cryptographic portion of library OK ² Information disclosure vulnerability
5
![Page 6: CloudFlare - The Heartbleed Bug - Webinar](https://reader038.fdocuments.us/reader038/viewer/2022100517/554be6a4b4c9056b348b4b18/html5/thumbnails/6.jpg)
The Heartbleed bug
² Sensitive information at risk ² Usernames ² Passwords ² Private SSL keys
² Private keys are keys to the kingdom ² Sites may be vulnerable to impersonation ² Heartbleed bug – a really big deal
6
![Page 7: CloudFlare - The Heartbleed Bug - Webinar](https://reader038.fdocuments.us/reader038/viewer/2022100517/554be6a4b4c9056b348b4b18/html5/thumbnails/7.jpg)
The CloudFlare Heartbleed Challenge
² Can you get private SSL keys using Heartbleed?
² Crowd sourced investigation to find out
² CloudFlareChallenge.com/Heartbleed
² The world rose up to the challenge
² Extracting private SSL keys using Heartbleed is
possible
7
![Page 8: CloudFlare - The Heartbleed Bug - Webinar](https://reader038.fdocuments.us/reader038/viewer/2022100517/554be6a4b4c9056b348b4b18/html5/thumbnails/8.jpg)
Protecting your site – what do we recommend
² http://istheinternetfixedyet.com/ Tracks sites still vulnerable to Heartbleed:
² If site vulnerable, don’t access until updated PWs and certificates
² If site not vulnerable, change PW
² Website End users ² Website Owners ² Website Owners using CloudFlare
8
![Page 9: CloudFlare - The Heartbleed Bug - Webinar](https://reader038.fdocuments.us/reader038/viewer/2022100517/554be6a4b4c9056b348b4b18/html5/thumbnails/9.jpg)
Q&A with Ben Murphy
² Ben Murphy – one of top 4 winners who successfully solved the Heartbleed challenge
² Solving the challenge ² Used techniques ² State of the Internet
² Questions from the Audience
9
![Page 10: CloudFlare - The Heartbleed Bug - Webinar](https://reader038.fdocuments.us/reader038/viewer/2022100517/554be6a4b4c9056b348b4b18/html5/thumbnails/10.jpg)
The End April 2014
10