Cyberoam Users Need not Bleed over Heartbleed Exploit

What is Heartbleed?
It is a bug in OpenSSL, a common encryption library used on web servers.

What can you do to stop it?
* Patch affected systems
* Update your IPS signatures to detect and block the vulnerability from being exploited.

How can you find out if a website is affected by this vulnerability?

Cyberoam offers a free testing tool to find if a web server is vulnerable to the Heartbleed attack, click here to test.

Are SSL related features on Cyberoam products affected?
All GA versions of Cyberoam Firmwares including 10.04.X, 10.02.X and 10.01.X are NOT vulnerable, as they use an unaffected version of the OpenSSL library.

The beta firmware versions 10.6.X are affected by this vulnerability. Please be sure to upgrade the Cyberoam firmware to the latest beta release candidate for 10.6 i.e. 10.6.1 RC-4.

As a Cyberoam customer, are you protected?
The Cyberoam Threat Research labs released IPS signature versions 3.11.61 and 5.11.61 last week to help customers protect themselves from the ?C#Heartbleed” vulnerability being exploited against them. You can check/update the IPS Signatures version through the appliance admin GUI, at the System->Maintenance->Updates tab.

Signature(s) name: OpenSSL TLS DTLS Heartbeat Information Disclosure
Default Action: Drop

Cyberoam customers are required to enable the Cyberoam IPS policy on respective firewall rule