The inevitable question that follows is how to protect your machines and network from this threat, and secure important information so it isn’t infected or compromised. Unfortunately, there is no one-and-done solution. Experts and vendors are racing to create patches that’ll remove open vulnerabilities, but it’ll take some time. Meanwhile, there are steps organizations can take to upgrade their network security.
Start off by identifying which machines are susceptible, and monitor them closely for any suspicious activity. In order to exploit the vulnerability, attackers would need to access your machines through some other security weakness. Vigilance and proper defence tools can help keep away unwanted intrusions. Also, pay attention to machines connected to the internet, and patch these devices first. Estimates state that more than 80 percent of the Internet serves websites running software affected by Shellshock. Larger sites, like Google and Amazon, have already begun to roll out patches, but it’s unclear if smaller websites are making the necessary updates. While Bash isn’t connected directly to the internet, the Shellshock bug can potentially affect anyone visiting a website hosted on a vulnerable server. Compromised servers can even deliver other malware, further damaging systems and compromising network security.
Another important precaution departments can take is to closely monitor administrative privileges. Shellshock affects the command-line interface, but is limited by the privileges of the user whose credentials were used. With proper oversight and by limiting rights, you could severely decrease the damage done, as the vulnerability does not allow attackers to escalate privileges on compromised machines.
In addition, there are a few other measures you can use to further protect yourself from the bug:
Install the Latest Patches
Security patches are the primary method used to correct vulnerabilities in software. Applying the latest patches will greatly reduce the Shellshock threat, and an attacker’s capacity to exploit your system. Be sure to begin applying patches immediately as they become available from vendors. While initial patches were incomplete, additional updates are continuing to roll out that will close off vulnerabilities in systems.
Apply New Vendor Rules
Company firewalls and intrusion systems need to be updated with the most recent rules in order to block attacks. Many vendors, like Cisco, IBM and Juniper, have already started releasing new security rules. For the most part they’re very effective and will block the majority of Shellshock-related attacks.
Monitor Your System Logs
Companies also need to improve how they monitor server logs in order to catch anomalies. These anomalies will point to exploitation attempts or breaches. Some particular areas of oversight should be outbound pings and relay chat, along with HTTP connections.
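As an added example (not from the original article or any vendor's rule set), this Python script scans web server access logs for the start of a Bash function definition, `() {`, the marker that Shellshock exploitation attempts carry in a request or header field. The combined log format, the field names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Start of a Bash function definition, the marker Shellshock requests carry in
# a header or request field. Spacing varies, so whitespace is matched loosely.
FUNC_DEF = re.compile(r"\(\s*\)\s*\{")

# Quoted log field that may contain backslash-escaped quotes (Apache logs \").
Q = r'"((?:[^"\\]|\\.)*)"'
# Assumed combined format: ip ident user [time] "request" status size "referer" "agent"
COMBINED = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] ' + Q + r' \d{3} \S+ ' + Q + ' ' + Q)
FIELDS = ("request", "referer", "agent")


def scan(lines):
    """Return (line_number, client_ip, field) for each field with the marker."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = COMBINED.match(line)
        if match is None:
            # Do not silently skip lines the parser cannot split: check them whole.
            if FUNC_DEF.search(unquote(line)):
                hits.append((number, None, "raw"))
            continue
        ip, *values = match.groups()
        for field, value in zip(FIELDS, values):
            # Percent-decode first so an encoded copy of the marker is also caught.
            if FUNC_DEF.search(unquote(value)):
                hits.append((number, ip, field))
    return hits


# Constructed sample lines (documentation IP ranges, placeholder text only).
SAMPLE = [
    '192.0.2.10 - - [01/Oct/2014:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Oct/2014:10:01:05 +0000] "GET /status HTTP/1.1" 200 0 "-" "() { PLACEHOLDER-TEXT"',
    '198.51.100.7 - - [01/Oct/2014:10:01:09 +0000] "GET /s?x=%28%29%20%7B HTTP/1.1" 404 0 "() { x" "t \\"q\\""',
    '203.0.113.4 - - [01/Oct/2014:10:02:00 +0000] "GET /a.js HTTP/1.1" 200 90 "-" "bot () v1 {beta}"',
    'truncated entry () { PLACEHOLDER-TEXT',
]

if __name__ == "__main__":
    for number, ip, field in scan(SAMPLE):
        print(f"line {number}: function-definition marker in {field} from {ip}")
```

A hit is a lead to review rather than proof of a breach, since legitimate content can contain the same characters.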
Check IoT Devices
If your company uses IoT devices, like DVRs, VoIPs, modems and routers, make sure to contact the vendor and see if their products are vulnerable. Fortunately, very few IoT devices use Bash, so most are unaffected. However, if they do, and the hardware can’t be patched, it should be replaced.
Whether you buy into the hype or not, Shellshock could cause serious problems for businesses. Some may try to convince themselves they won’t be affected in the hopes of not having to make any changes or investments. Understandably, budgets may be tight and time not available, but if you do end up running into a problem, there will be far less money and no time. Making excuses to not upgrade systems and prepare for problems will leave you exposed. Don’t simply rely on vendors and administrators; be proactive and work with IT to develop additional security measures.