By Ona Blanchette | Date posted: October 6, 2014
The Shellshock vulnerability, also known as the Bash vulnerability, has received a severity score of 10.0 from NIST. The flaw itself is not new, but it was only recently discovered by an Akamai researcher, and it is considered worse than Heartbleed. Heartbleed is a serious security flaw, but fortunately it is relatively difficult to exploit. Shellshock is much easier to exploit and can lead to loss of control of your entire system. The vulnerability abuses open shell access: an attacker can inject foreign commands into the command-line interface (CLI).
All Forum Sentry instances are safe from the Shellshock Vulnerability or any bash-related vulnerabilities. In fact, if deployed properly, Forum Sentry can protect you from bash vulnerabilities. Forum Sentry provides protection in three ways:
1. Restricted Shell Access
The Bash vulnerability is a prime example of why it’s critical to take a lockdown approach to open, free-for-all shell access, a practice that is all too common for on-premise and cloud-based servers. All Forum Sentry Instances, hardware and virtual, only allow a specific, preset list of executable commands. Each of these commands has been thoroughly vetted and tested to ensure they are safe and secure to run. By not allowing foreign commands, you are significantly reducing your exposure to security flaws like Shellshock.
2. Protects API Traffic
One of the primary entry points for hackers to exploit Shellshock is through server URIs. For example, hackers may exploit URIs that invoke server-side code (for example, .cgi, .asp, .jsp, or .php scripts) to execute malicious instructions on the company’s back-end web server. If such a script runs the injected instructions, the result can be direct access to the OS shell. With Forum Sentry, these file types (.cgi, .asp, .jsp, or .php) are masked, so hackers have no idea what type of executable code is running on the servers. This makes crafting an attack much more difficult. Furthermore, through extensive Data Leak Protection, Forum Sentry prevents hackers from discovering which operating systems and programming languages are used for back-end processing.
In addition to masking the file types, Forum Sentry also has filters to enforce security by restricting the structure of the URI: the number of parameters, the size of name-value pairs and their content types. This prevents any malicious processing instructions from being submitted to your web servers.
3. Protects Non-API Traffic
When Forum Sentry is deployed at the network edge, set up as a proxy, it is able to inspect and filter out known Shellshock attack signatures (malicious commands) deep within the data packets. Shellshock, like any other malicious instruction, can be embedded within a zip file, encrypted, base64-encoded, or stuffed into an XML, SOAP or JSON message. Without the ability to unpack the message, decrypt it, decode it and parse it, a Shellshock attack can easily flow through technologies that lack deep content inspection (such as firewalls, load balancers, routers, and WAFs).
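The layered unpacking described above, as an added illustration that is not Forum Sentry's own code: a small Python inspector that peels base64, zip and JSON layers off a message body, to an assumed depth bound, and after each layer looks for the Bash function-definition prefix `() {` that every Shellshock payload must begin with. The signature regex and the depth limit are this example's choices; the sample input in the test is constructed.

```python
import base64
import binascii
import io
import json
import re
import zipfile

# Every Shellshock payload has to begin with Bash's function-definition prefix
# "() {"; that prefix is the signature looked for after each layer is peeled away.
SHELLSHOCK_RE = re.compile(rb"\(\)\s*\{")
MAX_DEPTH = 5  # assumed bound so nested archives cannot keep the scanner busy forever


def _layers(data: bytes):
    """Yield every payload hidden one layer below `data` (base64, zip, JSON)."""
    # base64: only attempted when the whole blob is base64 alphabet, to cut noise
    if len(data) >= 8 and re.fullmatch(rb"[A-Za-z0-9+/=\s]+", data):
        try:
            yield base64.b64decode(data)
        except (binascii.Error, ValueError):
            pass
    # zip archive: each member is inspected on its own
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for name in zf.namelist():
                    yield zf.read(name)
        except (zipfile.BadZipFile, RuntimeError):
            pass
    # JSON document: every key and string value is a possible carrier
    try:
        doc = json.loads(data.decode("utf-8"))
    except (ValueError, UnicodeDecodeError):
        return
    stack = [doc]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            stack.extend(node.keys())
            stack.extend(node.values())
        elif isinstance(node, list):
            stack.extend(node)
        elif isinstance(node, str):
            yield node.encode("utf-8")


def contains_shellshock(data: bytes, depth: int = 0) -> bool:
    """True when the Shellshock signature shows up at any decoding depth."""
    if SHELLSHOCK_RE.search(data):
        return True
    return depth < MAX_DEPTH and any(
        contains_shellshock(inner, depth + 1) for inner in _layers(data))
```

A shallow inspector that only pattern-matches the raw body returns false on the JSON-wrapped, base64-encoded zip in the test; the recursive one finds the signature three layers down.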
Forum Sentry API Gateway provides Tier-0 protection from Shellshock for API and non-API traffic through filters that prevent malicious commands from penetrating corporate boundaries. It stops hackers from probing by protecting the information they need to craft their attacks. Forum Sentry has been custom built with security as the core focus, reducing the risk profile for known and future exploits.
If you have specific questions about your Forum Sentry deployment, please contact our Support Team.