From 75bda6ae8075085bb484b9c600ce4e046129e49f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 23 Dec 2021 16:24:27 -0500 Subject: [PATCH] Add CISA rec mitigation guidance --- README.md | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 24052a0..7e1dbfc 100644 --- a/README.md +++ b/README.md 
@@ -36,39 +36,39 @@ National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd. ## Mitigation Guidance ## -When updates are available, agencies must update software -using Log4j to the newest version, which is the most -effective and manageable long-term option. Where -updating is not possible, the following mitigating -measures can be considered as a temporary solution +When updates are available, agencies must update software +using Log4j to the newest version, which is the most +effective and manageable long-term option. Where +updating is not possible, the following mitigating +measures can be considered as a temporary solution and apply to the entire solution stack. -- **Disable Log4j library.** Disabling software using the -Log4j library is an effective measure, favoring -controlled downtime over adversary-caused issues. -This option could cause operational impacts and limit +- **Disable Log4j library.** Disabling software using the +Log4j library is an effective measure, favoring +controlled downtime over adversary-caused issues. +This option could cause operational impacts and limit visibility into other issues. -- **Disable JNDI lookups or disable remote codebases.** -This option, while effective, may involve +- **Disable JNDI lookups or disable remote codebases.** +This option, while effective, may involve developer work and could impact functionality. -- **Disconnect affected stacks.** Solution stacks not -connected to agency networks pose a dramatically -lower risk from attack. Consider temporarily +- **Disconnect affected stacks.** Solution stacks not +connected to agency networks pose a dramatically +lower risk from attack. Consider temporarily disconnecting the stack from agency networks. -- **Isolate the system.** Create a “vulnerable network” -VLAN and segment the solution stack from the +- **Isolate the system.** Create a “vulnerable network” +VLAN and segment the solution stack from the rest of the enterprise network. 
-- **Deploy a properly configured Web Application -Firewall (WAF) in front of the solution stack.** -Deploying a WAF is an important, but incomplete, -solution. While threat actors will be able to -bypass this mitigation, the reduction in alerting -will allow an agency SOC to focus on a smaller +- **Deploy a properly configured Web Application +Firewall (WAF) in front of the solution stack.** +Deploying a WAF is an important, but incomplete, +solution. While threat actors will be able to +bypass this mitigation, the reduction in alerting +will allow an agency SOC to focus on a smaller set of alerts. -- **Apply micropatch.** There are several micropatches -available. They are not a part of the official +- **Apply micropatch.** There are several micropatches +available. They are not a part of the official update but may limit agency risk. -- Report incidents promptly to CISA and/or the FBI +- Report incidents promptly to CISA and/or the FBI [here](https://www.cisa.gov/uscert/report). For more information regarding CISA recommended mitigation measures please visit
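Review bot: every removed line in this hunk reappears as an added line with identical visible text (25 deletions, 25 insertions), so the change looks like a whitespace-only edit (trailing spaces or line endings) rather than the new guidance the subject line "Add CISA rec mitigation guidance" announces; run `git diff -w` on the commit and, if it shows nothing, either reword the commit message to say whitespace cleanup or drop the churn so `git blame` on the mitigation bullets keeps pointing at the commits that actually authored them. While touching these lines, the final bullet `- Report incidents promptly to CISA and/or the FBI` is the only one without a bold lead phrase, unlike `- **Apply micropatch.**` above it, so consider matching the list's formatting.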