Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Need Protection Against the DROWN Vulnerability?

DZone's Guide to

Need Protection Against the DROWN Vulnerability?

DROWN is considered a serious security vulnerability that affects HTTPS users, allowing hackers to potentially break encryption and access sensitive information, including any communication between an end-user and a server.

· Cloud Zone
Free Resource

Linkerd, the open source service mesh for cloud native applications. Get the complete guide to using Linkerd and Kubernetes to build scalable, resilient applications.


Image title

On Tuesday, OpenSSL issued a security advisory for the DROWN attack on SSLv2 (CVE-2016-0800).

DROWN is considered a serious security vulnerability that affects HTTPS users, allowing hackers to potentially break encryption and access sensitive information, including any communication between an end-user and a server.

We’ve all used HTTPS to gauge whether or not a website is secure, or at least safe to browse. Now that there has been another SSL attack, we’re paying more attention, learning quickly that HTTPS is not a guarantee of safety anymore. Understanding that we can’t trust HTTPS sites is a huge problem for our email, purchase, banking, and other common, daily internet activities.

CloudPassage Halo detects and alerts your security team to vulnerabilities like DROWN, ensuring that your company can quickly take proactive measures to avoid a security breach.

Specifically, CloudPassage Halo can:

  • Detect the released CVE-2016-0800, which will help organizations find systems that are vulnerable to this type of an attack
  • Inspect and scan your servers for specific services running, along with Halo’s configuration security management (CSM) module
  • Ensure that configuration of Microsoft or Linux applications are (or are not) running SSLv2
  • Verify proper configuration of Apache, Postfix, Nginx to be utilizing the proper SSL version

Want to learn more about how you can keep your organization protected? Visit cloudpassage.com/demo or contact 800-215-7404.

Originally posted on CloudPassage

Linkerd, the open source service mesh for cloud native applications. Get the complete guide to using Linkerd and Kubernetes to build scalable, resilient applications.

Topics:
ssl ,openssl ,tls ,cloud ,security ,drown ,https ,encryption

Published at DZone with permission of Rich Gardner, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}