1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-23 00:50:48 +00:00

Add CISA rec mitigation guidance

This commit is contained in:
justmurphy 2021-12-23 16:13:02 -05:00 committed by GitHub
parent b38a94f1ac
commit a5265aee3c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -36,16 +36,29 @@ National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.
## Mitigation Guidance ## ## Mitigation Guidance ##
When updates are available, agencies must update software using Log4j to the newest version, which is the most effective and manageable long-term option. Where updating is not possible, the following mitigating measures can be considered as a temporary solution and apply to the entire solution stack. When updates are available, agencies must update software using Log4j to the newest version,
which is the most effective and manageable long-term option. Where updating is not possible,
the following mitigating measures can be considered as a temporary solution and apply to the
entire solution stack.
- Disable Log4j library. Disabling software using the Log4j library is an effective measure, favoring controlled downtime over adversary-caused issues. This option could cause operational impacts and limit visibility into other issues. - Disable Log4j library. Disabling software using the Log4j library is an effective measure,
- Disable JNDI lookups or disable remote codebases. This option, while effective, may involve developer work and could impact functionality. favoring controlled downtime over adversary-caused issues. This option could cause operational
- Disconnect affected stacks. Solution stacks not connected to agency networks pose a dramatically lower risk from attack. Consider temporarily disconnecting the stack from agency networks. impacts and limit visibility into other issues.
- Isolate the system. Create a “vulnerable network” VLAN and segment the solution stack from the rest of the enterprise network. - Disable JNDI lookups or disable remote codebases. This option, while effective, may involve
- Deploy a properly configured Web Application Firewall (WAF) in front of the solution stack. Deploying a WAF is an important, but incomplete, solution. While threat actors will be able to bypass this mitigation, the reduction in alerting will allow an agency SOC to focus on a smaller set of alerts. developer work and could impact functionality.
- Apply micropatch. There are several micropatches available. They are not a part of the official update but may limit agency risk. - Disconnect affected stacks. Solution stacks not connected to agency networks pose a dramatically
lower risk from attack. Consider temporarily disconnecting the stack from agency networks.
- Isolate the system. Create a “vulnerable network” VLAN and segment the solution stack from the
rest of the enterprise network.
- Deploy a properly configured Web Application Firewall (WAF) in front of the solution stack.
Deploying a WAF is an important, but incomplete, solution. While threat actors will be able to
bypass this mitigation, the reduction in alerting will allow an agency SOC to focus on a smaller
set of alerts.
- Apply micropatch. There are several micropatches available. They are not a part of the official
- update but may limit agency risk.
For more information regarding CISA recommended mitigation measures please visit [here](https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures). For more information regarding CISA recommended mitigation measures please visit
[here](https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures).
## Software List ## ## Software List ##