At LKCS, information security is at the forefront of everything that we do. As a result of the Heartbleed vulnerability that was recently discovered, we have evaluated our systems against the described threat.
LKCS hosts client web sites on both Linux and Windows-based servers. If you are unsure what platform your site is currently hosted on, please contact us and we can get you the details.
Our Linux servers do utilize OpenSSL, the application potentially targeted by the Heartbleed bug. However, NONE of LKCS’ Linux servers are vulnerable to Heartbleed as they are not running the version of OpenSSL affected by this issue. We have verified this both by verifying the installed software packages and running a dedicated Heartbleed vulnerability assessment tool.
Our Microsoft Windows servers run IIS as our web server platform. OpenSSL is not install on these servers. So all of our websites and web services are free from this vulnerability.
E-Statements, DataFlex, Secure FTP, and LKCS Statement File Uploader
All of these systems utilize Microsoft Windows servers. OpenSSL is not installed on these servers. All e-statement, FTP and LKCS file uploads are not affected by the Heartbleed Vulnerability.
LKCS hosts client e-mail through Rackspace. Rackspace has assured us that Rackspace Mail is fully protected from the Heartbleed vulnerability. They have reissued all security certificates as a precaution and did a full review of all servers and systems that could potentially have been vulnerable to Heartbleed. They found ONE public facing server that was potentially vulnerable and proceeded with an extensive evaluation of all access logs, etc. They have found absolutely NO evidence of intrusion or data loss in regards to this vulnerability. That server has since been patched so it is not vulnerable to Heartbleed. Out of an abundance of caution, you could consider changing your e-mail account passwords.
LKCS’ e-mail marketing platform has been verified to be unaffected by Heartbleed as well.
LKCS utilizes Citrix ShareFile for secure file transmissions and large file transfers. Citrix has informed us that ShareFile is not vulnerable to the Heartbleed bug.
Firewalls, Routers, Secure Access Appliances, and Other Systems
LKCS has verified that all of our other servers, routers, firewalls, etc. are not susceptible to the Heartbleed vulnerability. We did this by contacting manufacturers, checking firmware and patch levels, verifying versions of OpenSSL installed on any systems, and running a dedicated Heartbleed vulnerability assessment tool.
Moments like this are a great reminder of why we take security so seriously, and this particular vulnerability underscores LKCS’ implementation of multiple layers of information security. We thank you for putting your trust in LKCS and for choosing to work with us. If you have any questions or concerns, please feel free to contact us.
Did you like this blog post?
Get more posts just like this delivered twice a month to your inbox!