By David Hone, Security Specialist, Netutils
Views expressed in this post are original thoughts posted by David Hone. These views are his own and in no way do they represent the views of the company.
So what exactly is Shellshock (CVE-2014-6271) aka the ‘Bash Bug’ and should you believe the hype?
You may not believe that your organisation will be affected by this security flaw because you don’t run Linux, Solaris or Unix systems, but you may want to reconsider.
Let’s cut through the hype and consider exactly what Bash is and what functions it provides in a computer.
Bash stands for Bourne-Again Shell. In essence, Bash provides the interface between the user and the computer. Its core function is to interpret what you type and allow the computer system to action these commands.
Bash also provides the ability to script commands, scripting being used to automate a number of steps. For example, you could write a Bash script that discovers all your database files and then copies them to a database located somewhere else in the world.
The key part to understand is that, as the Bash shell is text-based, commands can be initiated from a remote computer and do not necessarily have to come from a locally connected keyboard. This allows IT departments and individuals to action commands from anywhere in the world. While Bash interprets the commands physically entered by a user, the final point to highlight (and this is one that most people overlook or simply do not consider for any number of reasons) is that as individuals, consumers and businesses we are surrounded by computers of all types (commonly referred to as ‘the Internet of things’) that are often connected to the Internet, undertaking activities and processes of which we often have little understanding or knowledge.
The Bash Bug vulnerability allows an attacker to remotely execute commands, attacking scripts which have been written in Bash.
For more see http://www.vox.com/2014/9/25/6843949/the-bash-bug-explained
How can you identify which of your devices are vulnerable to this type of attack, the impact, and what you should do to protect your business and private data?
If you have not done so already you should start by implementing a full audit of all devices connected to your network. This should include everything from the routers provided by your internet service provider to any device that your users attach to the network. It is common practice for manufacturers to build ‘the internet of things’ with open source software, so almost any device, from the modern fridge to the ISP’s router or indeed the core routers and switches in your network, is likely to have a custom-built Linux/Unix operating system derived from a common open source technology which includes the Bash application. All these devices are therefore potentially vulnerable to this attack and are targets for attackers to hijack for any number of illegal activities.
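For the hosts in that audit where you can log in and run a shell, the check below is one way to test them locally. It is an added example, not part of the original post; the function names `check_bash` and `audit_host`, the marker string and the list of paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: local self-check for Shellshock (CVE-2014-6271).
# Function names, marker string and path list are illustrative assumptions.

MARKER=SHELLSHOCK_SELFTEST_MARKER

# check_bash PATH
# Returns 0 = not vulnerable, 1 = vulnerable, 2 = PATH cannot be executed.
check_bash() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "$shell_path: not an executable file, skipped"
        return 2
    fi
    # The variable holds a function definition followed by a harmless echo.
    # A patched shell treats it as plain text; a vulnerable bash runs the
    # trailing echo while starting up, before it reaches 'true'.
    out=$(env probe="() { :;}; echo $MARKER" "$shell_path" -c 'true' 2>/dev/null)
    case $out in
        *"$MARKER"*)
            echo "$shell_path: VULNERABLE to CVE-2014-6271, patch or isolate"
            return 1 ;;
        *)
            echo "$shell_path: not vulnerable to CVE-2014-6271"
            return 0 ;;
    esac
}

# audit_host: check the usual shell locations on this machine.
# /bin/sh is included because on many systems it is bash under another name.
audit_host() {
    status=0
    for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash /bin/sh; do
        [ -e "$candidate" ] || continue
        check_bash "$candidate" || status=1
    done
    return "$status"
}

# Run the audit only when asked, e.g.  sh shellshock_check.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

This covers only machines where you can run a shell; for routers and other embedded devices found in the audit, rely on the vendor's firmware advisory.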
So how can Netutils help? We specialise in providing networking, security solutions and consultancy and pride ourselves on providing our customers with the highest quality of immediate, actionable, independent advice and solutions to solve current business security needs. If you have any concerns about the impact of the Bash Bug in your organisation we urge you to get in touch; we are very happy to discuss possible fixes for you and your organisation.
Great read Dave. Clear, concise and easy to understand.