Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Networking Vendors Issue Heartbleed Fixes

The Heartbleed bug that came to light last week affected a huge swath of networking products, prompting vendors to issue alerts and updates.

Cisco on April 9 released a security advisory with a list of products affected by the OpenSSL vulnerability that included Nexus switches, Cisco IPS, and Teleprescence equipment.

A Cisco spokesperson said in an email to Network Computing Monday that the company is continuing to work on patches for some products, but that many more products are unaffected by Heartbleed or have already been remediated. He said customers should check back on the advisory for the latest updates.

Juniper also released a list of affected products, which included Junos OS 13.3R1 and certain versions of the company's SSL VPN. Nearly all of the products have been updated, a spokesperson said Monday.

"Every Juniper product affected by the Heartbleed vulnerability now has a fix available except for older versions of our Unified Access Control, which we expect to provide a patch for shortly. We continue to work closely with customers to help them update their systems," the spokesperson said in an email.

Other networking vendors that reported products affected by Heartbleed include F5, Fortinet and Aruba. Carnegie Mellon CERT published a list of vendor alerts and updates.

Networking expert Tom Hollingsworth of Gestalt IT said he knew vendors were trying to get patches out as quickly as possible, but wondered how many vendors didn't disclose they were using OpenSSL in their products.

Brian Monkman, perimeter security programs manager at ICSA Labs, wrote in a blog post Monday that while much of the focus in the wake of the Heartbleed bug has been on the hundreds of thousands of potentially vulnerable websites, less attention has been paid to potentially vulnerable network security products.

"To put this into perspective, ANY product that uses OpenSSL or one of its variants to create a secure connection is potentially at risk," he wrote. "This could mean, for example, a network firewall with an outward facing administrative interface that uses an HTTPS connection may be vulnerable, or a Web application firewall that has SSL termination functionality may also be vulnerable."

For an explanation of the overall impact of Heartbleed, check out this Dark Reading blog post by Tim Sapio, a security analyst at Bishop Fox, a security consulting firm.

Marcia Savage is managing editor at Network Computing.


Related Reading


More Insights


Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013



TechWeb Careers