Re: Finding Servers Using OpenSSL SSL/TLS

[Peter Setlak <psetlak () COLGATE EDU>]

I created a monitor on our Application Firewalls to see anything using SSL
(catching additional ports). As we verified the services listening on those
ports were clean and/or after we patched them if needed, I adjusted the
filter to ignore them.


On Fri, Apr 11, 2014 at 12:51 PM, Mike Cunningham
<mike.cunningham () pct edu>wrote:

> Do you do anything with cloud/3rd party/off campus systems that Columbia
> uses ?
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel L. Rosenblatt
> Sent: Friday, April 11, 2014 12:49 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Finding Servers Using OpenSSL SSL/TLS
>
> We keep a constantly updating list of any IP address that accepts
> connections on port 443 using netflow information, we test them for the
> Heartbleed bug and inform the machine owner if they have a problem
>
> Thanks,
> Joel Rosenblatt
>
>
>
>
> Joel Rosenblatt, Director Network & Computer Security Columbia Information
> Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY
> 10025 / 212 854 3033 <%20212%20854%203033> http://www.columbia.edu/~joelPublic PGP key
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
>
>
> On Fri, Apr 11, 2014 at 11:33 AM, Pratt, Benjamin E.
> <bepratt () stcloudstate edu> wrote:
> > Good morning everyone.
> >
> > The question:
> >
> > What would be the best option for determining remotely whether a server
> utilizes OpenSSL SSL/TLS for encrypting https traffic?
> > The background:
> >
> > I'm hoping the list can provide a little assistance in dealing with the
> aftermath of the Heartbleed vulnerability.
> > The good news is a scan of our campus network indicates that we are
> nearly fully patched. The bad news is that not all of the https servers
> utilizing OpenSSL SSL/TLS are centrally controlled. This means that we
> don't know which servers were patched before our first scan and therefore
> where all of the servers that were vulnerable, over the past two years, are
> located.
> > I am attempting to put together options that include changing out SSL
> certificates and notifying users of previously vulnerable systems to update
> passwords. If I am able to provide more specific information about the
> scope of our endeavor it would certainly be an added value.
> > Thank you,
> >
> > Ben
> >
> > --
> >
> > Benjamin Pratt
> > St. Cloud State University



-- 
Thank you,

Peter J. Setlak
Network Security Analyst, GSEC, GLEG, GCPM
Colgate University
---
psetlak () colgate edu
(315) 228-7151
Case-Geyer 450

Colgate IT Security - http://colgate.edu/itsecurity

Think *Green!* Please consider the environment before printing this email.


*Engage with Colgate University: *
News blog <http://blogs.colgate.edu/>,
Twitter<https://twitter.com/#%21/colgateuniv>
, Facebook <https://www.facebook.com/colgateuniversity>,
Google+<https://plus.google.com/u/0/b/113333907606560373469/>
, Delicious <http://www.delicious.com/colgatenewsmakers>,
YouTube<http://www.youtube.com/cuatchannel13>
, Flickr <http://www.flickr.com/photos/colgateuniversity/>,
Pinterest<http://pinterest.com/colgateuniv/>
, LinkedIn <http://www.linkedin.com/company/colgate-university/>