Don’t Let the “Bash Bug” Bash Your Business


The Bash Bug, also known as “Shellshock,” is in a commonly used piece of Unix system software called Bash, which has been around since 1989. It is a command shell that provides instructions to your computer. Exploiting a security hole in Bash means hackers could instruct your computer to do things you would prefer it not do! For example, the Bash Bug could be used to seize control of a vulnerable web server to collect online passwords stored in databases, download identities, or take other undesirable actions.

Exposure is rather broad, as Bash is used on a variety of Unix-based systems, including Linux and Mac OS X. Servers, routers, Android phones, Mac computers, and medical devices are some of the devices that use Unix. Even systems running power plants and municipal water systems could be affected by the bug, though security experts already recommend that these systems remain disconnected from the Internet to avoid opening them to such risks.

So what steps can you take to minimize the risk that the Bash Bug does harm to your business?

Consider the following four steps:

Step 1:

Identify all devices that can be affected, which will likely include network devices (such as routers, switches, etc.), servers, workstations, computers, appliances, etc. Anything connected to your network that is UNIX-derived, whether that be an appliance-based system or a computer running Linux, OS X, or BSD, could be exposed. To make this first step easier, you should use a strong discovery, inventory and audit management tool to help with the identification.

Step 2:

Create scripts to test whether or not those systems are vulnerable. Companies such as Red Hat are creating advisories which detail the exact commands you’ll want to include in the script along with the expected responses. The scripts should be created in a management tool to make it easier to create, document and manage the script.

Step 3:

Run the scripts to create a list of vulnerable systems. The systems you identified now need to be listed in a way that makes it easy to take action. You could simply list them in a spreadsheet in preparation for a long day of manually trying to complete repairs. Or, you could again leverage a management tool, one which can capture the results from the testing and make it easier to implement the fix.

Step 4:

Patch any affected devices. In the case of Linux, this will involve using package managers like Yum (Yellowdog Updater, Modified), an open-source command-line package-management utility for Linux, or YaST (Yet another Setup Tool), a Linux operating system setup and configuration tool. When Apple releases security fixes for OS X, they can be deployed in scripted fashion with the Apple command-line process ‘softwareupdate.’ These tools can be used in conjunction with a management automation tool that will automatically patch the affected devices and document their updated status, eliminating the need to manually fix and track every device.
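As an illustration of Steps 2 and 3, here is a minimal test script; it is an added example, not taken from a vendor advisory or from Kaseya, and it uses the widely published environment-variable probe for the original function-import flaw only, so follow-on checks from your vendor's advisory should be added alongside it. The candidate paths and the `host,path,status` output layout are assumptions.

```shell
#!/bin/sh
# Added example: local check for the original Shellshock function-import flaw.
# The candidate paths and the CSV layout are assumptions for illustration.

MARKER="SHELLSHOCK_PROBE_$$"   # unique string; appears only if injected code ran

# check_bash PATH -> prints "vulnerable", "not_vulnerable" or "missing".
# Always returns 0 so callers can use it under `set -e`.
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo "missing"
        return 0
    fi
    # A vulnerable bash imports x as a function and also executes the
    # trailing `echo` while starting up; a fixed bash treats x as plain data.
    out=$(env "x=() { :;}; echo $MARKER" "$bin" -c 'echo probe' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo "vulnerable" ;;
        *)           echo "not_vulnerable" ;;
    esac
}

# report_line PATH -> "host,path,status", one row per binary for the Step 3 list.
report_line() {
    printf '%s,%s,%s\n' "$(uname -n)" "$1" "$(check_bash "$1")"
}

# Bash is not always at /bin/bash (appliances, package-manager installs on OS X).
for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
    [ -e "$candidate" ] || continue
    report_line "$candidate"
done
```

Each output row can be collected by the management tool to build the Step 3 list, and the same script can be re-run after Step 4 to confirm that the status changed.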

Kaseya’s management and automation solution can help you move through these four steps with greater ease, speed, and efficiency, while minimizing the human error factor. More specific information on the Kaseya approach using Agent Procedure can be found on the Kaseya Community Forum. Managed Service Providers using the Kaseya solution, such as Upstream, can also help you resolve the issue. And once you have used the Kaseya solution to address the Bash Bug, you then have a leading management and automation solution in place to help you address the next, unfortunately inevitable security and compliance issue (which at current course and speed might be just days away!).

Authors:

Tom Hayes, VP Product Marketing, Kaseya

Ben Lavalley, Product Management, Kaseya
