Suppose I am in charge of a network and I 'm worried about shellshock

[G+_Stephen Hart]

Suppose I am in charge of a network and I'm worried about shellshock.  You mentioned being worried about people setting up a vm or a device that was forgotten. Isn't all incoming activity blocked unless I forward that port to one of the computers or there is a DMZ? Should it be enough to look at the router config screen and check through all the forwarded ports and check those computers/VMs? And of course figure out which version of linux the router is running.

[G+_Fr. Robert Ballecer, SJ]

No. Patch. Patch. PATCH! ---- PLEASE! :)

 

Never count on, "I'm pretty sure the outside world can't reach my vulnerable boxes" as your first, last and only line of defense. 

 

What if somebody is inside your network? What if you have a computer on your network that gets pwned? What if you have any one of the millions of routers out there with outdated firmware and/or horrible programming that let's me take advantage of UPnP from the outside?

 

So please... PLEASE... patch. :)

[G+_Travis Hershberger]

If you think something was missed in the patching process checking the network edge (router) can help track down active systems.  It's been proven that people can get past the router, especially when just using NAT without any IDS.

[G+_Darryl Gibbs]

Noob question, where do you go to find the patch?  In my case, for my Raspian Web Server?

[G+_Travis Hershberger]

Darryl Gibbs 'apt-get update && apt-get -y upgrade' in a command prompt should do it.

[G+_Darryl Gibbs]

oh, just a standard update.  Awesome!