What Shellshock Means for Datacenter Professionals

Keeping your servers protected against major threats is a significant challenge for even the most experienced server administrators. While the Heartbleed bug recently made waves in the information technology field, a newly discovered exploit is far more devastating: Shellshock, a vulnerability in the Bash command interpreter and parser, allows attackers to run commands on affected servers without proper authorization.


For those unfamiliar with Shellshock, the problem occurs when the characters "{ :;};" are included as a function definition. Once that code is entered, any code after that point is executed. A more familiar term for this is “code injection.”

Aside from impacting terminal sessions, CGI and Apache are also affected. In these cases, vulnerable servers can be breached by a malicious user writing a script to execute code.

While gaining access to the shell, also known as “getting shell,” is not the same as an attacker gaining root access, the effects can be devastating. Shell access gives an attacker much more leeway to circumvent security measures and gain additional unauthorized access to the server.

Although patches have been issued to resolve the vulnerability, exploits are constantly evolving, and unfortunately virtually every version of Bash in its 25-year history is affected. Although this exploit is dire for server administrators, developer workstations running Windows or Linux seem to be immune. Mac users, however, might be vulnerable if Shellshock morphs into a worm. Keep in mind that this might change in the future, so system administrators should stay on top of the latest security trends.

One of the biggest issues to keep in mind with Shellshock is that, similar to Heartbleed, it is here to stay. In an era of embedded systems which are connected to the Internet, there will always be vulnerable equipment out in the open. As a data center professional, this means security isn't just about preventing outside attacks but also about being able to monitor devices connected internally, especially those which power your digital infrastructure. System administrators should also ensure that their network infrastructure equipment is fully patched and running up-to-date firmware.

While Shellshock is not something to completely ignore, it isn’t the end of the world. Nothing in the digital security space is going to be 100% immune to digital threats. The only way to protect your systems from digital threats is to take proactive steps to secure your network. Such actions include patching systems, monitoring network traffic, and ensuring that your contingency plans are always up to date.

 
