r3pek/log4j-affected-db
1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-23 00:50:48 +00:00
Code Releases Activity

Add CISA rec mitigation guidance

Browse source
This commit is contained in:
justmurphy 2021-12-23 16:24:27 -05:00 committed by GitHub
parent d77bd5e702
commit 75bda6ae80
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
README.md
View file

@ -36,39 +36,39 @@ National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.
## Mitigation Guidance ## ## Mitigation Guidance ##
When updates are available, agencies must update software When updates are available, agencies must update software
using Log4j to the newest version, which is the most using Log4j to the newest version, which is the most
effective and manageable long-term option. Where effective and manageable long-term option. Where
updating is not possible, the following mitigating updating is not possible, the following mitigating
measures can be considered as a temporary solution measures can be considered as a temporary solution
and apply to the entire solution stack. and apply to the entire solution stack.
- **Disable Log4j library.** Disabling software using the - **Disable Log4j library.** Disabling software using the
Log4j library is an effective measure, favoring Log4j library is an effective measure, favoring
controlled downtime over adversary-caused issues. controlled downtime over adversary-caused issues.
This option could cause operational impacts and limit This option could cause operational impacts and limit
visibility into other issues. visibility into other issues.
- **Disable JNDI lookups or disable remote codebases.** - **Disable JNDI lookups or disable remote codebases.**
This option, while effective, may involve This option, while effective, may involve
developer work and could impact functionality. developer work and could impact functionality.
- **Disconnect affected stacks.** Solution stacks not - **Disconnect affected stacks.** Solution stacks not
connected to agency networks pose a dramatically connected to agency networks pose a dramatically
lower risk from attack. Consider temporarily lower risk from attack. Consider temporarily
disconnecting the stack from agency networks. disconnecting the stack from agency networks.
- **Isolate the system.** Create a “vulnerable network” - **Isolate the system.** Create a “vulnerable network”
VLAN and segment the solution stack from the VLAN and segment the solution stack from the
rest of the enterprise network. rest of the enterprise network.
- **Deploy a properly configured Web Application - **Deploy a properly configured Web Application
Firewall (WAF) in front of the solution stack.** Firewall (WAF) in front of the solution stack.**
Deploying a WAF is an important, but incomplete, Deploying a WAF is an important, but incomplete,
solution. While threat actors will be able to solution. While threat actors will be able to
bypass this mitigation, the reduction in alerting bypass this mitigation, the reduction in alerting
will allow an agency SOC to focus on a smaller will allow an agency SOC to focus on a smaller
set of alerts. set of alerts.
- **Apply micropatch.** There are several micropatches - **Apply micropatch.** There are several micropatches
available. They are not a part of the official available. They are not a part of the official
update but may limit agency risk. update but may limit agency risk.
- Report incidents promptly to CISA and/or the FBI - Report incidents promptly to CISA and/or the FBI
[here](https://www.cisa.gov/uscert/report). [here](https://www.cisa.gov/uscert/report).
For more information regarding CISA recommended mitigation measures please visit For more information regarding CISA recommended mitigation measures please visit