Post by: Mark Staudinger
This blog is Part 2 of a two-part series.
Previously, we took a look at Shellshock and how it has wreaked havoc on thousands of computers over the past few weeks, making it easy for hackers to gain control over websites and computer systems. NYI designed its Fault Tolerant Web (FTW) service to protect against online threats, provide DDoS mitigation and protection, and block web exploits before they reach your server.
The good news is that FTW, using the security policies in place when Shellshock was announced, was actively blocking Shellshock exploit attempts. Since then, we have added security policies specific to Shellshock, to better protect against any variations on the type of attack that we’ve already seen reach our edge nodes.
As we await the official patch for Bash, and as the scope and number of these ShellShock exploits inevitably rise, our FTW-enabled customers can rest easier, knowing that their servers are protected externally.
9/29 tally: 367339 blocked web requests. Of those, fewer than 38000 were exploit attempts, and of those, only 475 were ShellShock exploit attempts – slightly more than 1%. These numbers will likely rise in the coming days and weeks.
Bash patch still not finalized: http://mashable.com/2014/09/29/shellshock-additional-vulnerabilities/
Security is a primary component of FTW
Shellshock poses a significant threat because Bash is so ubiquitous on Unix servers, and the vulnerability is fast and easy to exploit, even for non-programmers. Also, the Bash patches are still a work in progress, and it’s not clear that all of the vulnerabilities have been fixed. So, while individual servers can and should be patched, additional protection is useful to cover those vulnerabilities that are not yet patched.
Summary: We knew that FTW’s existing security policies blocked most of the Shellshock exploit attempts.
NYI expanded security policies to protect against known Shellshock attacks and likely derivations.
FTW includes ShellShock protection as part of the “basic security” feature, provided at all service levels.