1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-22 16:40:48 +00:00

Add CISA rec mitigations

This commit is contained in:
justmurphy 2021-12-23 16:20:28 -05:00 committed by GitHub
parent a5265aee3c
commit ec099a7ddc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -36,26 +36,40 @@ National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.
## Mitigation Guidance ## ## Mitigation Guidance ##
When updates are available, agencies must update software using Log4j to the newest version, When updates are available, agencies must update software
which is the most effective and manageable long-term option. Where updating is not possible, using Log4j to the newest version, which is the most
the following mitigating measures can be considered as a temporary solution and apply to the effective and manageable long-term option. Where
entire solution stack. updating is not possible, the following mitigating
measures can be considered as a temporary solution
and apply to the entire solution stack.
- Disable Log4j library. Disabling software using the Log4j library is an effective measure, - **Disable Log4j library.** Disabling software using the
favoring controlled downtime over adversary-caused issues. This option could cause operational Log4j library is an effective measure, favoring
impacts and limit visibility into other issues. controlled downtime over adversary-caused issues.
- Disable JNDI lookups or disable remote codebases. This option, while effective, may involve This option could cause operational impacts and limit
visibility into other issues.
- **Disable JNDI lookups or disable remote codebases.**
This option, while effective, may involve
developer work and could impact functionality. developer work and could impact functionality.
- Disconnect affected stacks. Solution stacks not connected to agency networks pose a dramatically - **Disconnect affected stacks.** Solution stacks not
lower risk from attack. Consider temporarily disconnecting the stack from agency networks. connected to agency networks pose a dramatically
- Isolate the system. Create a “vulnerable network” VLAN and segment the solution stack from the lower risk from attack. Consider temporarily
disconnecting the stack from agency networks.
- **Isolate the system.** Create a “vulnerable network”
VLAN and segment the solution stack from the
rest of the enterprise network. rest of the enterprise network.
- Deploy a properly configured Web Application Firewall (WAF) in front of the solution stack. - **Deploy a properly configured Web Application
Deploying a WAF is an important, but incomplete, solution. While threat actors will be able to Firewall (WAF) in front of the solution stack.**
bypass this mitigation, the reduction in alerting will allow an agency SOC to focus on a smaller Deploying a WAF is an important, but incomplete,
solution. While threat actors will be able to
bypass this mitigation, the reduction in alerting
will allow an agency SOC to focus on a smaller
set of alerts. set of alerts.
- Apply micropatch. There are several micropatches available. They are not a part of the official - **Apply micropatch.** There are several micropatches
- update but may limit agency risk. available. They are not a part of the official
update but may limit agency risk.
- Report incidents promptly to CISA and/or the FBI
[here](https://www.cisa.gov/uscert/report).
For more information regarding CISA recommended mitigation measures please visit For more information regarding CISA recommended mitigation measures please visit
[here](https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures). [here](https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures).