top-tips-header
Security

Top Tips: Protect Yourself From Poodle

22-10-14-protect-yourself-from-poodle

Gary Newe joined F5 in 2007 and has been a technical director for over a year. His role includes working with channel and SI partners as well as working directly with larger customers on a range of F5 specific solutions. 

Previously, Newe worked at Siemens, Entropy and Alcatel, and has over a decade of experience in the network industry.

Gary shares his top tips on how to protect your business from Poodle.


Last week, three Google researchers found a security bug in SSL, the security protocol that the internet uses for encryption and security. This particular bug affects SSL version 3.0 and allows hackers to take over accounts for email, banking and other password-enabled services.

The attack, named "Poodle" (Padding Oracle on Downloading Legacy Encryption) lets hackers take control of a router at a public hotspot, meaning that they can force your browser to revert to SSL 3.0 (an 18-year old encryption standard) rather than the more modern and widely used TLS (Transport Layer Security).

Attacks like this are becoming all too familiar with Heartbleed and Shellshock also striking in the last few months. Poodle is yet another sign of the reality of how easy it is for hackers to access information but businesses, and consumers alike, can protect themselves from Poodle. Here are some top tips:

1.      Update your browser: Using a modern browser is an easy way to stay protected, preventing hackers from easily finding the pitfalls in the old SSL 3.0. By downloading new versions of your browser, you will automatically get the version which is patched against Poodle, making you less of a target to malicious cyber criminals.

2.      Turn off SSL 3.0: By switching off SSL 3.0, you will be less of a likely target for attackers hoping to use Poodle. Remember that an attacker can force a downgrade in the protocol, so even if your browser tries to use TLS, it ends up being forced to use SSL instead. It is worth bearing in mind that, although switching it off will protect you from this attack, it could break your ability to connect to the few older websites or related services that are still available if they rely on SSL 3.0. Here is how to disable SSL 3.0 on different browsers:

  • Mozilla Firefox - Open about:config, find security.tls.version.min and set the value to 1.
  • Google Chrome - Newer versions of Chrome support TLS_FALLBACK_SCSV, which mitigates this issue. You can explicitly disable support for SSLv3 by issuing the command line command --ssl-version-min=tls1.
  • Internet Explorer - Go into “Internet Options”, “Advanced”, and uncheck SSLv3.

3.      Know what you’re protecting: It is important for businesses to keep in mind that they are protecting sensitive and often personal data. In order to keep a good reputation with customers, it is integral to protect their information and assure them that you are a reliable organisation. Recognising and protecting against these types of threats, in a timely manner, is something which all businesses and consumers should be prepared for.

Now that the Poodle vulnerability is in the public eye, it is only a matter of time before hackers begin taking advantage of it. Protecting yourself early is critical and will ensure that your organisation and customers are safe.

 

Gary Newe is Systems Engineer at F5 Networks

PREVIOUS ARTICLE

« STEM Skill Shortage: Lessons From the Financial Sector

NEXT ARTICLE

IBM Needs to Show Elephants Can Dance in the Cloud »
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

International Women's Day: We've come a long way, but there's still an awfully long way to go

Charlotte Trueman takes a diverse look at today’s tech landscape.

Trump's trade war and the FANG bubble: Good news for Latin America?

Lewis Page gets down to business across global tech

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends

Poll

Do you think your smartphone is making you a workaholic?