mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-23 00:50:48 +00:00
Add CISA rec mitigation guidance
This commit is contained in:
parent
b38a94f1ac
commit
a5265aee3c
1 changed files with 21 additions and 8 deletions
29
README.md
29
README.md
|
@ -36,16 +36,29 @@ National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.
|
||||||
|
|
||||||
## Mitigation Guidance ##
|
## Mitigation Guidance ##
|
||||||
|
|
||||||
When updates are available, agencies must update software using Log4j to the newest version, which is the most effective and manageable long-term option. Where updating is not possible, the following mitigating measures can be considered as a temporary solution and apply to the entire solution stack.
|
When updates are available, agencies must update software using Log4j to the newest version,
|
||||||
|
which is the most effective and manageable long-term option. Where updating is not possible,
|
||||||
|
the following mitigating measures can be considered as a temporary solution and apply to the
|
||||||
|
entire solution stack.
|
||||||
|
|
||||||
- Disable Log4j library. Disabling software using the Log4j library is an effective measure, favoring controlled downtime over adversary-caused issues. This option could cause operational impacts and limit visibility into other issues.
|
- Disable Log4j library. Disabling software using the Log4j library is an effective measure,
|
||||||
- Disable JNDI lookups or disable remote codebases. This option, while effective, may involve developer work and could impact functionality.
|
favoring controlled downtime over adversary-caused issues. This option could cause operational
|
||||||
- Disconnect affected stacks. Solution stacks not connected to agency networks pose a dramatically lower risk from attack. Consider temporarily disconnecting the stack from agency networks.
|
impacts and limit visibility into other issues.
|
||||||
- Isolate the system. Create a “vulnerable network” VLAN and segment the solution stack from the rest of the enterprise network.
|
- Disable JNDI lookups or disable remote codebases. This option, while effective, may involve
|
||||||
- Deploy a properly configured Web Application Firewall (WAF) in front of the solution stack. Deploying a WAF is an important, but incomplete, solution. While threat actors will be able to bypass this mitigation, the reduction in alerting will allow an agency SOC to focus on a smaller set of alerts.
|
developer work and could impact functionality.
|
||||||
- Apply micropatch. There are several micropatches available. They are not a part of the official update but may limit agency risk.
|
- Disconnect affected stacks. Solution stacks not connected to agency networks pose a dramatically
|
||||||
|
lower risk from attack. Consider temporarily disconnecting the stack from agency networks.
|
||||||
|
- Isolate the system. Create a “vulnerable network” VLAN and segment the solution stack from the
|
||||||
|
rest of the enterprise network.
|
||||||
|
- Deploy a properly configured Web Application Firewall (WAF) in front of the solution stack.
|
||||||
|
Deploying a WAF is an important, but incomplete, solution. While threat actors will be able to
|
||||||
|
bypass this mitigation, the reduction in alerting will allow an agency SOC to focus on a smaller
|
||||||
|
set of alerts.
|
||||||
|
- Apply micropatch. There are several micropatches available. They are not a part of the official
|
||||||
|
- update but may limit agency risk.
|
||||||
|
|
||||||
For more information regarding CISA recommended mitigation measures please visit [here](https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures).
|
For more information regarding CISA recommended mitigation measures please visit
|
||||||
|
[here](https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures).
|
||||||
|
|
||||||
## Software List ##
|
## Software List ##
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue