In response to widespread concern about OpenSSL Heartbleed bug and related attacks, F5 Networks has issued a statement and some simple guidance for its customers.
Companies using F5BIG-IP Local Traffic Manager to terminate SSL connections already have the necessary protections in place to secure their applications against the Heartbleed bug. For companies terminating SSL connections on application servers (not utilizing F5 SSL offload), the threat can be immediately mitigated through open, extensible F5 iRules. Customers are encouraged to visit F5´s DevCentral and f5.com for more information.
For those not using F5 for SSL offload, the company offers a unique and effective approach to protect against severe, industry-wide vulnerabilities like Heartbleed. Using extensible iRules from F5, customers can easily eliminate the possibility that attacks seeking to exploit the Heartbleed vulnerability will reach back-end servers, providing protection while sever certificates are being updated.
F5 (NASDAQ: FFIV) provides solutions for an application world. For more information, go to f5.com.