Shellshock

October 7, 2014 by Ixia Blog Team

Ixia Provides the Speed and Confidence to Know You are Protected from Shellshock

There are patches and there are IPS signatures, but are you really protected?

The patch is the best protection for an enterprise, but it needs to be tested to ensure it fully remediates the vulnerability. The signature for an intrusion prevention system (IPS) is a solid form of protection, but it too needs to be tested to ensure it can detect and block an attack.

Validate Malware-Protection Effectiveness for Shellshock

Adding insult to injury, the already embattled computer industry hears again of a new vulnerability, this time discovered inside one of the most used utilities in the Linux world, the Bash shell. The vulnerability affects all versions of Bash and allows for remote command execution given a specific context. It is due to a bug in which Bash parses and executes characters inside an environment variable if these characters follow the definition of a function.

The good news is that most security vendors have released signatures to protect against attacks targeting the Bash vulnerability. Within hours of the discovery of the Bash vulnerability, the Ixia security research team developed what we call a “strike”: an attack that vendors can use to test signatures and assess their effectiveness, improving a vendor’s speed in responding with a signature. Enterprises can use that same strike to test the effectiveness of patches for the Bash vulnerability (remember, the first patch was incomplete) and to test the IPS signatures they receive from security vendors, ensuring that the signatures provide protection and do not impact the performance of IPS deployments.

What Should You Do? Move Fast with Confidence.

1. Patch Systems

To defend against this vulnerability, a number of vendors have already supplied patches or workarounds for their products. We recommend that you check your vendor’s website and update your version of Bash as soon as possible. Note, however, that some patches are proving not to fully rectify the vulnerability.

2. Update Signatures

To defend against attacks that will disrupt unpatched systems, contact your security vendor or pull down new signature updates that include protections for the Bash vulnerability. Most vendors have made announcements or pushed updates for their devices since the vulnerability was disclosed.

3. Test Patches and Signatures

Once you’ve implemented the appropriate patches, you’ll want to validate that they sufficiently fix the vulnerability and don’t impact network or application performance. Likewise, vendors should be using test tools to validate that their patches or workarounds are effective before publishing them to the marketplace.
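
For the host side of step 3, a local check can confirm that a patched Bash binary no longer executes text that follows a function definition in an environment variable. This is an added example, not Ixia's strike or any vendor's tool; `check_bash`, `MARKER` and the variable name `probe` are names made up for it.

```shell
#!/bin/sh
# Added example: local post-patch check for a bash binary.
# check_bash, MARKER and the variable name "probe" are constructed for this example.

MARKER="FUNCIMPORT_EXECUTED_$$"

# check_bash BIN
#   prints "vulnerable" (returns 1), "patched" (returns 0) or "error" (returns 2).
#   BIN must be a bash binary; other shells never import functions this way.
check_bash() {
    bin=$1
    [ -x "$bin" ] || { echo error; return 2; }

    # The variable's value is a function definition followed by an extra command.
    # A fixed bash never runs the trailing echo, so only "ran" is printed.
    # env -i gives the child a clean environment; stderr is dropped because
    # a patched build may warn about the rejected definition.
    out=$(env -i PATH=/usr/bin:/bin \
          probe="() { :; }; echo $MARKER" \
          "$bin" -c 'echo ran' 2>/dev/null)

    case $out in
        *"$MARKER"*) echo vulnerable; return 1 ;;
        *ran*)       echo patched;    return 0 ;;
        *)           echo error;      return 2 ;;
    esac
}

# Stand-alone use: sh check.sh /bin/bash
if [ $# -gt 0 ]; then
    check_bash "$1"
    exit $?
fi
```

The check covers only the trailing-command behaviour described above, so a "patched" result does not by itself show that an incomplete patch has been superseded. It also says nothing about whether an IPS signature fires, which still needs testing on the network path.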