Whether you’re new to Twitter or an active user, there are some quality and innovative IT pros to follow alongside your company account and parody Darth Vader streams. As innovative leaders who have consistently disrupted the tech landscape with their contributions, their insights have guided me through a range of security and networking issues on several occasions.

These five IT pros come from a host of backgrounds; they are data security, virtualization and web technology veterans committed to filling your feed with the latest IT news and information.

Chris Wysopal, Co-founder and CTO of Veracode

Wysopal currently heads up technology strategy and information security at Veracode, but made his name as an original vulnerability researcher at L0pht Heavy Industries, a high-profile underground hacker think tank that operated out of Boston from 1992 to 2000, when they merged with @stake in their evolution to a whitehat computer security company.

Wysopal was one of the first to publicize the risks of infosec software, and his recommendations helped me fight SQL injections and other types of common security threats in the past. This veteran security specialist also advises Congress on government security issues.

Follow him on Twitter @WeldPond.

Brian Madden, Desktop Virtualization Expert

If you’re using virtualization software, Madden is the man you want to follow on Twitter. Whether you’re weighing VMware against Citrix or looking at other virtualization players like Ericom, Madden will provide you with all the latest technology updates. I credit him with my decision to drop Citrix for a more scalable virtualization solution.

Madden’s also one of the IT world’s most fiercely independent and opinionated IT writers. You can check out his work on BrianMadden.com.

Follow him on Twitter @BrianMadden.


Dave Winer, ‘The Creator of Blogging’


Winer may not be the sole creator of blogging, but if you’ve ever blogged, subscribed to an RSS feed or listened to a podcast, he’s the guy to thank. Winer is noted for his contributions to outliners, scripting, content management and Web services, as well as blogging and podcasting. Follow him for industry news on how to better make Web-based apps work for your organization.

“When the history of the Web is written,” raves The Guardian, “his name will be up there in lights, because he was the guy who showed what blogging could do.”

Follow Winer on Twitter @davewiner, or subscribe to his RSS feed through his live blog, Scripting.

Chris Matthieu, Director of IoT, Citrix

Matthieu is an expert in network and web topics and every layer in between, with a particular specialization in developing architecture, SOA and SaaS technologies.

Right now he’s heading up engineering teams for Octoblu Internet of Things (IoT) at Citrix. With notable clients including BlueCross BlueShield of AZ, Accenture, and other big names on his resume, Matthieu’s experienced insights help me stay ahead of the curve at the crucial intersection of IoT technologies and business strategies.

Follow him on Twitter @chrismatthieu

Graham Cluley, Award-Winning Security Expert


Cluley is a veteran of Naked Security, a popular cybersecurity website. His background spans the entire cybersecurity spectrum, dishing out advice on configuring a VPN, creating the strongest possible password for your iPhone and other related infosec topics.

Due to the considerable depth and breadth of highly qualified and innovative IT pros worldwide who have each contributed in their own way to the evolving IT landscape, narrowing the selection down to five can be a daunting challenge. But if you’re an IT pro looking to stay ahead of the ever-evolving IT game, advance your career, or just get through some of the rough patches in your job, these are the tech leaders and disruptors you want to include in your Twitter stream.

Information security isn’t what it used to be — firewalls, although necessary, are not enough to prevent a data breach. The problem for IT is that the old methods of keeping data secure are not enough to stop intruders who, for instance, use sophisticated phishing attacks on unaware employees.

Ashok Sankar, director of cybersecurity at Raytheon-Websense, said in Computer Weekly that cybercriminals are determined to breach company security walls, no matter how long it may take them. But these concerns can’t pose a roadblock to innovations in, say, the cloud, and impede businesses in their efforts to access new markets and gain a competitive advantage.

RSA president Amit Yoran agrees, according to SC Magazine, citing infosecurity as fundamentally broken. Firewalls and policing network perimeters are just things that make you “feel safe” but don’t address real security problems.

The evolution of security is widely discussed in the technology community:

Traditional approaches to security are making us more vulnerable to attack, suggests Yoran. It’s time to rethink security to become less reactive and more resilient.

Measure Your Detection Deficit

Teach employees to use all of their mobile devices, cloud applications and business innovations securely. “This means understanding their needs, explaining to them the security implications and coming to a consensus on what can and what cannot be done,” says Sankar. “If employees want flexibility, they must understand the responsibilities that go with that.”

Stop measuring security strength by the number of attacks a system has endured and stopped. Instead, monitor the time elapsed between the data breach and when the intruder has been detected and contained — otherwise known as the detection deficit.

Firewalls Aren’t Impervious to Breaches

Firewalls do little to contain invasions at the business level too. In order to best protect the assets of your organization, prepare for an advanced persistent threat (APT), which is usually purposeful and done with malicious intent.

Assess Your Loopholes and Know What to Protect

The first step is to prioritize. Align your security goals with those of business executives to determine which assets are most sensitive. “It is now imperative to develop a layered security approach that will amp up the security arsenal with a 360-degree visibility into all corners of the network,” warned Chloe Green, security reporter for Information Age.

Ultimately, you need to improve how you monitor for and detect a data breach. Breaches can come through loopholes in your security system, and lockdown protocol is ineffective against them once malware has been installed. Once these endpoints are closed, you’ll be able to better protect your most important information.

What Absolutely Needs Securing?

According to a report by the privacy and data-protection team at Baker & Hostetler LLP, 36 percent of problems were borne out of employee negligence — only 22 percent came from external theft.

Informing your employees not only about what information they have to protect, but also about how they should protect it, will lower the majority of your post-breach data loss risk.

Preparing for an APT Prepares You for the Worst

If you’re going to contain the scope of a potential APT, a firewall won’t be enough. End-to-end encryption for data in motion and comprehensive monitoring of all inbound and outbound traffic in your network have to be top priorities. End-to-end encryption protects data being transferred or shared between end-points, whether people or systems. Pair your traditional security solutions with advanced detection and real-time analytics, provided they’re configured to detect malicious activity before it causes actual damage. Differentiate this traffic by identifying patterns with an IP-based device that connects to the network, and you’ll be able to isolate the problem immediately if it occurs.

Security measures can help you minimize the looming threat of a data breach. It’s no longer practical — let alone sustainable — to approach problems with the idea that they can all be prevented once they touch your network.

A certified information systems auditor (CISA) carries a specialty certification that indicates a mastery of IT security in the realms of governance, risk and compliance. And although it’s not required, CISA certification is a big boost for the IT department in some surprising ways.

Not super familiar with it? Here’s an overview of what CISA is and why you ultimately need to know about it.

IT Security = Job Security

Improving security has become an essential function of the IT department, especially with BYOD a reality and new vulnerabilities getting discovered every day. It sounds demanding, but an IT pro who has this certification is uniquely equipped to see where security weaknesses are and rectify them swiftly using the most efficient techniques available.

Do You Qualify?

To qualify for CISA certification, candidates require a minimum of five years of professional experience in the field of information systems auditing, control, assurance or security and, additionally, pass a one-time CISA exam administered by the Information Systems Audit and Control Association (ISACA). ISACA is also responsible for awarding the certification itself.

Dust Off Your SAT PTSD

The exam is designed to be difficult, with no clear order to any one section of the 200 multiple-choice questions administered over a four-hour period. ISACA doesn’t publish pass/fail rates, although the information gathered by the University of Virginia suggests only 50 percent of candidates pass (don’t get discouraged; more than 50,000 have succeeded worldwide). Keep in mind certification is awarded upon completion of the exam, but to maintain certification, IT pros must consistently adhere to the ISACA Code of Professional Ethics and comply with the organization’s continuing professional education policy.

You can always go to ISACA’s website to take a CISA practice exam. This is a great way to self-assess.

What the Certification Gets You

CISA certification is not for the faint of heart, but the hard work that goes into gaining this certification is well worth the credentials you receive. CISA is ideal for any professional working in the IT field, but it is crucial for those who are looking to demonstrate a mastery of IT security audits and manage control operations. CISA certification also provides an avenue for IT pros to stay abreast of updates and changes in technology that would keep their IT department ahead of the curve. Because it’s constantly updated to reflect new network challenges, the continuing education required by the program is a great way to stay on top of ever changing IT trends.


As the business line director for network and systems management here at Ipswitch, it’s my job to continually develop the future direction of our systems management products, focused upon innovation.

Staying close to our customers helps our team learn how we can best improve our products. My team and I recently conducted a customer survey to learn what they felt was lacking from any vendor in our market. We reviewed 150 concepts and ideas that contributed to a high-level roadmap for future development and product innovation.

The Need to Discover, Manage, and Secure Everything

Understanding what our present and prospective customers want is an intensive process. For one thing, it involves engaging with organizations of all sizes with different network requirements. With that noted, when the feedback was combined and analyzed we found our customers have many of the same common desires.

And what is it that they want? IT pros want to discover, manage and secure everything in the network. It’s that simple. But rapid changes in technology and employee demands have made accomplishing these feats more difficult. Understanding the latest growing pains that IT pros are experiencing has helped us guide the direction of future product development.

File Transfer Market Trends Drive Our Innovation

My colleague Rich Allen, vice president of security solutions, has been exploring trends to determine what will drive our progress in developing new programs for file transfer for businesses of all types and sizes. The demand for business continuity has grown exponentially in recent years because of the need to maintain up-times, where a few wasted minutes can cost millions of dollars.

Next to continuity, IT pros want better tools for visibility for compliance audits and internal standards. Simultaneously, end users want faster response times and broader platform support from IT, prompting us to find answers to IT consumerization and agility.

With immense growth in the data being transferred, and in the new end points it is transferred to, the pressing requirement of file transfer expansion is to ensure security in an increasingly borderless enterprise. To address these new directions in the industry, Ipswitch plans to map a future of file transfer development with usability, localization, integration, performance, control and, most importantly, security in mind.

The Ongoing Evolution of the Borderless Enterprise

Back to my side of things. The use of hybrid networks, with both on premise and cloud solutions, is the direction most IT teams are heading. Prior to this trend, monitoring the network was an entirely internal endeavor. The new environment has been called the borderless enterprise, and it’s creating a new set of challenges.

Whether network components live on premise or in the cloud, IT pros are learning that they must be monitored and managed. With employees using cloud services and Internet of Things (IoT) devices joining the network, monitoring needs have been forever changed.

Additionally, developers have begun tapping into cloud-based services to boost their available resources. While this improves their capabilities, it presents an entirely new challenge that must be addressed.

The borderless enterprise calls for the creation of new tools that provide end-to-end management of the entire infrastructure. Understanding this need has driven us to create tools to empower our customers to take control of the borderless enterprise.

More Demand for Network Bandwidth Requires More Visibility

All of the new applications that have created an enterprise without clear borders have also placed a high strain on the network’s bandwidth. Service providers have responded to this growing trend by offering speeds ranging from 10–100 gigabytes per second. With many businesses taking advantage of these new speeds, and needing to maximize every available byte, new opportunities have been created for IT:

  • Bandwidth Visualization. Being able to visualize bandwidth throughout the entire network helps make sure critical functions receive the bandwidth they require.
  • Traffic Engineering and Service Provisioning. Engineering the way bandwidth is used creates another opportunity to protect important services. Rules can be created based on the type of application. For example, an IT manager may allocate less bandwidth to video for personal use and more to video-on-demand for business use. This type of on-demand provisioning is key to scalability in a highly utilized network.

 Present and future versions of Ipswitch WhatsUp Gold and secure management products will be focused on providing IT pros and teams with everything they need to capitalize on these opportunities.

New Solutions for Software Defined Networks

Software-defined networks (SDN) are set to dramatically revolutionize the networking world. According to SDxCentral, 20% of networks will be built using traditional hardware while 80% will be SDN based by 2020. This projection indicates a flip from the present state of things, with SDN composing 20% of present networks. Our solutions will help address and even facilitate this change.

Our upcoming solutions aim to deliver more innovation to IT pros and let them discover, manage and secure everything in the network, while we continue to empower IT pros with tools that will help monitor the increasingly complex IT environment.

I discuss the future of our server management products in greater detail during my talk at Ipswitch Innovate 2015 User Summit. Check out my talk to discover how we plan to take over the world of monitoring.


Cyber Monday Sale

On your mark, get ready, Cyber Monday is coming around the bend on November 30. Or so. Retailers are getting bolder what with Walmart’s Cyber Monday sale starting Sunday, November 29. And this year, the world’s largest brick-and-mortar retailer seems to be going after Amazon, whose Black Friday sale starts on Thanksgiving.

Regardless, Cyber Monday is expected to remain the single busiest online shopping day of the year. Last year ComScore estimated that $2.5 billion was spent on Cyber Monday, or 2 ½  times what was spent just 4 years prior. No doubt that IT teams in big retail are preparing for pretty much anything.

In case you were not aware, Cyber Monday is the first day back at work after the US Thanksgiving holiday. Instead of lining up outside a store’s front doors the weekend before, shoppers eagerly await that day’s big sales to kick off online. What does this mean for IT teams pretty much anywhere? Workers going shopping online during the day will hog bandwidth and potentially slow down performance. Malware and viruses attached to fraudulent e-commerce websites and scam email offers can lead to security compromises.

According to a recent Experian survey, 54 percent of all respondents anticipated shopping online, while 30 percent admitted it was riskier than shopping in person. With all these risks, how can IT teams prepare for Cyber Monday challenges and ensure the availability and security of business applications?

Just follow these three simple steps:

  1. Monitor your network. Identify workers who may be slowing down application performance because they are on high-bandwidth shopping and streaming media websites, whether from their desktops or mobile devices. IT teams can gain visibility as to those who are using more than their share of bandwidth and isolate issues before they spin out of control.
  2. Manage network logs. With log management, IT teams can speed up their response to network threats. Log management is an accurate tool that collects, stores, archives and backs up events. It also identifies potential threats through continuous log monitoring and sends alerts to notify you of activity on your network.
  3. Communicate with your employees. Remind and educate employees of the potential pitfalls and dangers of wide scale usage of the corporate network for personal use. Even sharing just a few tips on how to avoid scams and other malicious activity could do the trick.

So while it may be nearly impossible to stop workers from shopping at their desks, it is not impossible to fend off the network problems that may arise from it.

>> Concerned about the impact of non-business traffic on network performance? Increase your visibility and control with the Network Power Pack.


Wearable technology might be convenient for the user, but it is inconvenient for IT pros to secure and support. Fortunately, IT pros can be better prepared to deal with people like me, including my Apple Watch and Fitbit. Today we announced the findings of our 2015 Wearable Technology Survey that polled 288 IT professionals in the United States. The survey revealed that more than half of the respondents (52.7 percent) now have users wearing technology to work, a growing concern for IT pros.

Before I continue, we also ran this survey in the UK and netted 111 responses. Check out the UK survey summary and infographic for details.

More wearable technology, more concerns for IT pros

IT pros’ top concerns with wearable technology in the workplace included:

  • Security breaches (61 percent)
  • More work to support more devices (45 percent)
  • Decreased network bandwidth (36 percent)

When asked if they had IT policies in place to manage the impact of wearable technology, nearly two-thirds (66 percent) did not while about one-quarter (24 percent) did have such a policy.

The most common wearable technologies in the workplace, some of it is company-issued

Even though wearable technology has yet to break through to the mainstream, 15 percent of all respondents noted that their companies provided wearable technology to its own workers. The most popular wearable technology in the workforce included:

  • Watches such as the Apple Watch (46 percent)
  • Fitness bands like Fitbit (42 percent)
  • Health monitoring devices like QardioArm (17 percent).


How IT Pros Can Be Better Prepared

IT pros can be better prepared for wearable technology in the workplace with tools that provide total visibility into network discovery and dependency mapping including Ipswitch WhatsConnected. A clear picture of what is happening helps to ensure that wearable technology isn’t going to affect network or application performance.

Ipswitch WhatsConnected helps IT pros monitor and manage devices including wearable technology in the following ways:

  • Understand detailed physical connectivity, device type and configuration information of anything with an IP address
  • Quickly pinpoint network performance issues visually with auto-generated topology maps
  • Automatically maintain a comprehensive network and server inventory of physical connectivity, device asset information, configuration information and systems inventory
  • Generate comprehensive reports to help meet compliance

For a free 30-day trial of Ipswitch WhatsConnected, visit http://ipswit.ch/T0DxK.

>> Be sure to engage with us next month during the Ipswitch Innovate 2015 User Summit, a two-day (October 21-22) online event for IT pros to learn from each other and our product experts.

The Ipswitch Innovate Virtual Summit, by IT pros for IT pros. Click here to register!

 


The already-infamous Anthem data breach has put personal information belonging to 80 million health insurance customers at risk after hackers gained access to their network. Customer names, birth dates, home addresses and Social Security numbers are reported to be stolen. The sheer reach is astounding. The breach at Anthem is the world’s largest within the healthcare industry. And it now ranks as America’s third largest after Heartland in 2009 (130M records stolen) and TJ Maxx in 2007 (94M records stolen).

There’s no such thing as perfect security and my heart goes out to the IT team at Anthem. They’re working 24/7 to  batten down the hatches. Hackers will always find vulnerabilities to get what they want. They’ve got plenty of motivation. The monetary value of the data stolen from Anthem could be worth hundreds of millions of dollars on the hacker black market.

Anthem responded quickly

A fast response is a good response when you are in crisis mode. Over the course of one day, Anthem:

  • Emailed customers to share the news, pledging support
  • Launched a site called AnthemFacts to address concerns
  • Published an open letter from CEO Joe Swedish apologizing for the incident
  • Offered free credit monitoring services

Anthem is getting praise for being proactive and transparent. But some of the company’s security practices have come under fire.  Security and compliance in healthcare is a journey, not a destination. IT teams need to do their best to manage and protect the high-volume of files related to Protected Health Information (PHI).

Managed file transfer helps healthcare organizations become more secure and compliant

Our healthcare customers have told us that a managed file transfer solution has helped them in the following ways:

  • Manage and control all file transfer activity from a central point of control; automate processes
  • Transfer patient files reliably and securely
  • Enable employees to easily send files using IT approved methods
  • Gain complete control over file transfer activity
  • Guarantee delivery (non-repudiation and file integrity)
  • Integrate with existing IT security systems
  • Reduce cost and time to achieve and maintain HIPAA compliance
  • Improved reliability and availability for data back-up

Additionally, a cloud-based MFT solution uniquely offers the additional benefit (since the facility and systems are directly managed) of being certified HIPAA compliant by a 3rd party auditor.  Always make sure a hosted solution has a signed HIPAA Business Associate Agreement with explicitly defined responsibilities to help achieve HIPAA compliance quickly.

Bottom line: don’t take chances when it comes to your IT security. Make sure your critical information is kept safe. Put tools and technology to use when data is on the move or stored within your network.

PS – Check out how our customer VIVA Health successfully and securely transfers healthcare data, demonstrates regulatory compliance, and automates manual tasks with Ipswitch MOVEit managed file transfer.

In just a few days we’ll be listening to “Auld Lang Syne” and watching the ball drop in Times Square. As we plan deeper into 2015 I found myself reading Gartner’s Top 10 Strategic Technology Trends for 2015 and want to share a few thoughts based on two of them:

  • Cloud/Client Computing: For businesses, Cloud/Client Computing has an additional component beyond Gartner’s omni-portable linkage between the cloud’s compute/data/management and client devices. Apps for the business cannot be viewed in isolation. Beyond data synchronization, IT will also have to address the integration layer between public cloud and private cloud, and between cloud and on premise applications, for rich sharing and use of data within business workflows.
  • Risk-Based Security and Self-Protection: We seem to have reached a tipping point that Gartner alludes to: security can no longer be fully managed by IT. There are just too many threats, and the paradigm shift of applications themselves pre-empting some of these threats will be welcome. Gartner correctly views this as part of a multifaceted approach. We believe that monitoring of how threats spread will lead to new dynamic response methodologies, perhaps bot-implemented, going well beyond today’s analysis of threat signatures. Stopping threats rather than dealing with their consequences is something for IT to look forward to.

Speaking of stopping threats, are you constantly on edge about the safety of your stored and transferred files? Using the right file transfer system is paramount in securing files and sensitive data. The MOVEit Managed File Transfer System is designed specifically to give control over sensitive data to the IT department, to ensure better security throughout the entire file transfer life cycle. Download our white paper entitled Security Throughout The File Transfer Life-Cycle to learn more.

As we head into 2015, what will the New Year have in store for IT? Only time will tell!

Microsoft announced in its security bulletin for November a vulnerability in Schannel, nicknamed WinShock (CVE-2014-6321), that could allow remote code execution. The Microsoft Secure Channel (Schannel) is the security package that implements SSL/TLS in all supported versions of Windows server and client operating systems. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server. It has an overall CVSS severity rating of HIGH with an exploitability rating of 1.

Ipswitch immediately assessed all of its products as soon as we became aware of the vulnerability. Many Ipswitch products rely on Microsoft Windows Schannel security provider for secure communications. To protect against this vulnerability, it is recommended that all customers apply the November 2014 patches to all Windows servers and clients running Ipswitch products. The November patches also include other critical security fixes, including another remote code execution vulnerability (MS14-064), so please install all of the updates.

Please find specific instructions in this Ipswitch Knowledgebase article. As always it’s recommended that you test updates and carefully monitor the production system after making any changes.

If you have additional questions, please contact your Ipswitch account manager or preferred reseller.

 

Over the past few years, organizations have been forced to deal with the rapid rise of BYOD, which created a number of IT problems as more and more employees began bringing in their own devices to the workplace. Today, there is a new trend IT departments are preparing to deal with that could be more troublesome than its predecessor: Wear Your Own Device (WYOD). With the number of wearable devices steadily increasing, from Google Glass to Apple watches, it’s only a matter of time before we see a proliferation of wearables in the enterprise.

However, much like with BYOD, it would appear that businesses have yet to grasp the full implications of the situation and aren’t currently taking wearable technology seriously enough. Very few are prepared for the impact that these devices will have on security and the corporate network. Even the healthcare sector, the much hailed early adopter of wearable technology, is not sufficiently prepared for the impact of Apple throwing its might behind the wearable device. A recent Freedom of Information Act (FOIA) request by Ipswitch revealed that when asked specifically about managing wearable technology entering the workplace — from Google Glass to smart watches — 83% of NHS trusts admitted to having no strategy in place.

With the potential for another IT ‘crisis’ on our hands, businesses and organizations need to begin planning ahead for WYOD before it has the chance to impact network performance and security, with inevitable calls to the Help Desk. Similar to when employees began bringing their own portable devices into the workplace, the sheer volume of additional devices connecting to the network in the form of smart watches and other wearable technology is likely to put a strain on company networks and slow performance. Depending on the type of devices, available IP addresses could also be an issue for some companies.

The WYOD trend is only going to increase in popularity and it’s up to businesses to plan for the onset before it proliferates organically without guidelines. Addressing security concerns linked to these gadgets is paramount and businesses would be best served to take a proactive rather than reactive approach to building out policies/strategies. Don’t just wait for employees to start accessing network resources through these wearable devices. Planning for network improvements and policy development needs to take place sooner rather than later.

To read more on my thoughts about WYOD, check out my recent post in WIRED: With Apple Watch, Will WYOD Wear Out Its Welcome With IT?

Google announced in a blog post on Tuesday a vulnerability in the design of SSL version 3.0 (CVE-2014-3566), nicknamed POODLE. The SSLv3 protocol is used in OpenSSL and other commercial products. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker and has an overall CVSS severity rating of MEDIUM.

Ipswitch immediately assessed all of its products as soon as we became aware of the vulnerability.  We’ve identified specific recommendations for MOVEit Managed File Transfer, WS_FTP Server and MessageWay and continue to evaluate remaining Ipswitch products, including WhatsUp Gold and IMail Server.  While POODLE is not considered high risk to our customers we will provide additional guidance for those products as soon as it’s available.

To protect against this attack, it is recommended that all customers disable SSLv3 for all services and clients.  Please find specific instructions for the following products in this Ipswitch Knowledgebase article:

  • MOVEit File Transfer (DMZ) Server and API Module
  • MOVEit Central
  • MOVEit Ad Hoc
  • MOVEit Mobile
  • MOVEit Xfer
  • MOVEit Freely
  • WS_FTP Server
  • WS_FTP Web Transfer Module
  • WS_FTP Professional

Following the instructions above may present compatibility problems for users on old platforms and browsers, where there is no support for TLS 1.0 or higher. While both Google and Mozilla have announced plans to remove support for SSLv3 from their browsers soon, it’s still recommended that you test these configuration changes and carefully monitor the production system after making any changes, so that you are prepared to handle any negative impact.
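One way to confirm that SSLv3 really is off after making the change recommended above, and to recheck during the monitoring period, is to offer a server an SSLv3-only handshake and see whether it answers with a ServerHello or an alert. This is an added example, not Ipswitch code; the cipher-suite selection and the host passed on the command line are assumptions, and it is meant for servers you administer.

```python
"""Check whether a TLS endpoint still accepts an SSLv3 handshake (POODLE exposure)."""
import os
import socket
import struct
import sys

SSL3_VERSION = b"\x03\x00"      # wire encoding of SSL 3.0
CONTENT_ALERT = 0x15            # record type: alert
CONTENT_HANDSHAKE = 0x16        # record type: handshake
HS_SERVER_HELLO = 0x02          # handshake message type: ServerHello

# Constructed selection of suites that exist in SSLv3 (AES-CBC, 3DES-CBC, RC4).
CIPHER_SUITES = b"\x00\x2f\x00\x35\x00\x0a\x00\x05"


def build_sslv3_client_hello(random_bytes=None):
    """Return a ClientHello record whose highest offered version is SSL 3.0."""
    rnd = random_bytes if random_bytes is not None else os.urandom(32)
    if len(rnd) != 32:
        raise ValueError("client random must be 32 bytes")
    body = (
        SSL3_VERSION
        + rnd
        + b"\x00"                                            # empty session id
        + struct.pack("!H", len(CIPHER_SUITES)) + CIPHER_SUITES
        + b"\x01\x00"                                        # one compression method: null
    )
    # Handshake header: type 1 (ClientHello) followed by a 3-byte length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    record_header = bytes([CONTENT_HANDSHAKE]) + SSL3_VERSION + struct.pack("!H", len(handshake))
    return record_header + handshake


def classify_response(data):
    """Interpret the first bytes the server sent back to the SSLv3 ClientHello."""
    if not data:
        return "no_response"            # connection closed or silent: SSLv3 not negotiated
    if len(data) < 5:
        return "unknown"
    if data[0] == CONTENT_ALERT:
        return "rejected"               # server refused the SSLv3 offer
    if data[0] == CONTENT_HANDSHAKE and len(data) >= 11 and data[5] == HS_SERVER_HELLO:
        # Bytes 9-10 are server_version inside the ServerHello body.
        return "sslv3_enabled" if data[9:11] == SSL3_VERSION else "unexpected_version"
    return "unknown"


def probe(host, port=443, timeout=5.0):
    """Send the SSLv3 ClientHello to host:port and classify the reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            while len(data) < 11:       # enough to read the ServerHello version
                chunk = sock.recv(64)
                if not chunk:
                    break
                data += chunk
        except (ConnectionResetError, socket.timeout):
            pass                        # keep whatever arrived before the reset or timeout
    return classify_response(data)


if __name__ == "__main__":
    # Usage: python sslv3_check.py <host> [port]   (host is whatever server you are auditing)
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(target, target_port, probe(target, target_port))
```

A result of `sslv3_enabled` means the service still needs the SSLv3 change; `rejected` or `no_response` means the SSLv3 offer was not accepted.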

 

As you’ve likely already heard, on Sept 24th a new computer security threat called Shellshock was identified and entered into the National Vulnerability Database as CVE-2014-7169.

The Shellshock vulnerability does not affect any Ipswitch products.


Shellshock is a bug in the widely-used Bash shell, the Unix command-line shell that has been around for 20 years. Shellshock affects almost all Linux, UNIX, and Mac OS X operating systems and the US-CERT has given the flaw the maximum CVSS rating of 10/10/10 for severity, impact and exploitability.

Security is a top priority at Ipswitch and we assessed our products as soon as we became aware of this threat. We have since determined that all supported versions of the Ipswitch WhatsUp Gold network and server performance monitoring suite are not affected by the Shellshock bug.

We strongly recommend you follow the advisories of your respective Operating System provider.