When most of the press around the globe and social media are widely discussing the threats and vulnerability of Heartbleed Open SSL bug, Taiwan based IT conglomerate ZyXEL has assured that it’s full range of products, from DSL CPEs to home routers and network storage and players are not at all affected by the Heartbleed Bug vulnerability. ZyXEL has become one of the first companies to have made such announcement.
The billion dollar IT manufacturer has strongly communicated to its global consumer base that no ZyXEL product would ever allow a Heartbleed Bug penetration, unlike other IT manufacturers. ZyXEL has communicated this to all the markets in 120 countries they are present in.
Bill Su, Technical AVP at ZyXEL Communications Corporation, apprised, “We have carried out extensive checks and confirmed that the OpenSSL versions used in ZyXEL products are not at risk.” He also maintains that ZyXEL’s business solutions including security appliances, Gateways, Switches and WLAN AP/ Controllers, use OpenSSL across the globe and none of them use the affected versions. By this, Su also means that all firewalls and firmware versions pose no threat by the Heardbleed Bug, which was found in OpenSSL versions 1.0.1f and 1.0.2-beta1.
Yogesh Singh, Senior Technical Officer in India enlightens about the threat, “Heartbleed vulnerability permits stealing of protected info by SSL/TLS encryption used for securing the internet. A Heartbleed Bug allows an intruder to read the memory of the systems protected by the vulnerable versions of the open SSL software.”
What Yogesh actually means is that the hackers or cyber criminals can use the Heartbleed to steal private encryption keys from a server that is using OpenSSL and then snoop on the user data, including passwords. The bug created panic among web users just days back all over India.Yogesh Singh further informs that ZyXEL DSL CPE, WiMAX, LTE, network storage and additional models that support HTTPs Remote Management, which are in the OpenSSL versions, are not affected by the Heartbleed Bug.
“To improve business network security, we strongly recommend that users should add our IDP (Intrusion Detection and Prevention) service to USG (Unified Security Gateway) to protect businesses from such threats as the USG series effectively guards servers in business networks from the break-in via the Heartbleed Bug,” said Su.
To enhance protection, ZyXEL USG series featuring the IDP license will automatically connect to ZSDN (ZyXEL Security Distribution Network) to retrieve the latest updates. ZyXELhas released this new IDP signature update recently, adds Yogesh Singh.