Deep Security : Protecting against #ShellShock aka “bash bug”

I am sure by now everyone knows about CVE-2014-6271, aka the “Bash Bug”. This article explains how to protect against this vulnerability using Trend Micro Deep Security. Deep Security Agents can be deployed in two ways, depending on the environment. The first is an In-Guest Agent. The other option is Agent-Less, which is only available on VMware hypervisors. Regardless of the type of agent you have, this IPS rule will protect your OS against this vulnerability. Note that the Deep Security IPS is host-based (not perimeter-based), so each host/OS will have this protection enabled once you apply this IPS rule.

Adding the IPS rule to your Base Policy
In my lab I have a top-level base Policy named HomeLab Policy. I added the following IPS rule to this Policy:
[Image: Shell02]
Once you have added the IPS rule, you will see that it also adds the HTTP Protocol Decoding rule set. Once done, you should have two additional rules. See below:
[Image: Shell01]
Things to consider

  • For the IPS rule to be enforced, you must place the Policy in “Prevent” mode (Intrusion Prevention Behavior).
  • You can apply the rule to individual VMs manually or by running a “Recommendation Scan”.
  • In my lab I applied the rule to my top-level Policy, thus ensuring that every OS gets this rule applied regardless of the OS type.

Conclusion
Clients that are using Deep Security with the IPS module can use this IPS rule to provide protection until such time as they can install the needed patches in their OSes.
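
To see which hosts still need the patch while the IPS rule is covering them, the following is an added example (not part of the original article and not Deep Security code) that runs the widely published CVE-2014-6271 self-test locally against each bash binary it finds. The candidate paths, function names and marker string are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: report whether a local bash binary still needs the
# CVE-2014-6271 patch. It only starts bash on this host; no network traffic.
# This probe covers CVE-2014-6271 only.

# Classify the probe output. An unpatched bash executes the command that
# trails the function definition, so the marker appears in the output.
classify_probe_output() {
    case "$1" in
        *CVE_2014_6271_MARKER*) echo "vulnerable" ;;
        *probe-done*)           echo "patched" ;;
        *)                      echo "unknown" ;;
    esac
}

# Run the self-test against one bash binary.
# $1 = path to bash (assumption: defaults to the first bash on PATH).
probe_bash() {
    bash_bin="${1:-$(command -v bash || true)}"
    if [ -z "$bash_bin" ] || [ ! -x "$bash_bin" ]; then
        echo "missing"
        return 0
    fi
    # stderr is dropped so warnings from partially patched builds
    # cannot influence the classification.
    out="$(env testvar='() { :;}; echo CVE_2014_6271_MARKER' \
        "$bash_bin" -c 'echo probe-done' 2>/dev/null || true)"
    classify_probe_output "$out"
}

# Candidate install locations (assumed; extend for your environment).
for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
    [ -e "$candidate" ] || continue
    printf '%s: %s\n' "$candidate" "$(probe_bash "$candidate")"
done
```

A host that reports "vulnerable" still depends on the IPS rule in “Prevent” mode; a host that reports "patched" has the OS fix for this CVE installed.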
