Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Heartbleed at Acquia

Marc Seeger
May 20, 2014
Technology
0
14k

Heartbleed at Acquia

A quick presentation on how we handled Heartbleed at Acquia. Held at a DevOps Boston meetup.

Marc Seeger

May 20, 2014
Tweet

More Decks by Marc Seeger

See All by Marc Seeger
Security in DECT
rb2k
2
160
The DIRAC video codec
rb2k
1
72
Communitygetriebene Android Systemerweiterungen
rb2k
1
51
Alternative infrastructure
rb2k
1
170
NoSQL Lunch and Learn
rb2k
9
8.4k
Lunch and Learn: Cucumber and Capybara
rb2k
7
20k

Other Decks in Technology

See All in Technology
Amazon SageMaker Unified Studio(Preview)、Lakehouse と Amazon S3 Tables
ishikawa_satoru
0
150
AI時代のデータセンターネットワーク
lycorptech_jp
PRO
1
280
NW-JAWS #14 re:Invent 2024(予選落ち含)で 発表された推しアップデートについて
nagisa53
0
260
コンテナセキュリティのためのLandlock入門
nullpo_head
2
320
バクラクのドキュメント解析技術と実データにおける課題 / layerx-ccc-winter-2024
shimacos
2
1.1k
新機能VPCリソースエンドポイント機能検証から得られた考察
duelist2020jp
0
220
[Ruby] Develop a Morse Code Learning Gem & Beep from Strings
oguressive
1
160
Amazon Kendra GenAI Index 登場でどう変わる? 評価から学ぶ最適なRAG構成
naoki_0531
0
110
ガバメントクラウドのセキュリティ対策事例について
fujisawaryohei
0
530
How to be an AWS Community Builder | 君もAWS Community Builderになろう!〜2024 冬 CB募集直前対策編?!〜
coosuke
PRO
2
2.8k
小学3年生夏休みの自由研究「夏休みに Copilot で遊んでみた」
taichinakamura
0
150
日本版とグローバル版のモバイルアプリ統合の開発の裏側と今後の展望
miichan
1
130

Featured

See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
365
25k
Building a Scalable Design System with Sketch
lauravandoore
460
33k
The Invisible Side of Design
smashingmag
298
50k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
28
2.1k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Navigating Team Friction
lara
183
15k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
4 Signs Your Business is Dying
shpigford
181
21k
The Cult of Friendly URLs
andyhume
78
6.1k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
7k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k

Transcript

  1. Marc Seeger (@rb2k)
 Boston Devops Meetup
 May 20th 2014 at

  2. Act 1: Technology

  3. How it all started 7:24 PM

  4. How it all started 7:30 PM

  5. How it all started 7:26 PM

  6. How it all started 7:33 PM

  7. How it all started

  8. Quick risk assessment Lucid: [00:35:27] [email protected]:~# openssl version OpenSSL 0.9.8k

    25 Mar 2009 ! Precise: [00:34:37] [email protected]:~# openssl version OpenSSL 1.0.1 14 Mar 2012

  9. Where’s Waldo OpenSSL 8000 EC2 Machines: - 99.9% of them

    puppetized - Candidates: - Balancers - SVN Servers - Appliances - ELBs - 3rd party AMIs - Unique little snowflakes
 (Jira, Crucible,…)

  10. Let the patching begin

  11. Rollout Australia: ! Con: - Spiders - Snakes ! Pro:

    - Ops is awake

  12. Rollout

  13. Scan www

  14. Waiting on ELBs…

  15. Internal Certificates

  16. Suddenly: “reverse” Heartbleed

  17. Act 2: Communication

  18. Internal • Pre-determined chat rooms • Dial-in conference bridges •

    A communication plan Thanks SSAE-16, PCI and FedRAMP… I guess :)

  19. Statuspage + Twitter * Powered by StatusPage.io *

  20. Documentation https://docs.acquia.com/articles/heartbleed-acquia-cloud

  21. Proactive communication Phone calls by Acquia support, TAMs, …

  22. Since then: Post mortem

  23. Since then: Incident Commander (shamelessly stolen from Heroku) http://en.wikipedia.org/wiki/Incident_command_system

  24. Since then: Dedicated resource to vet security threats

  25. Since then: Clean up intranet docs

  26. Since then: Additional tooling

  27. We’re hiring (shameless self promotion) bit.ly/acquiajobs