Log4j situation now, how can we protect ourselves?

Jan 2, 2022 - 06:30
 16
Log4j situation now, how can we protect ourselves?

We have already written about this problem, you can read here https://zexron.com/a-gap-in-javas-log4j-causes-a-sensation/. Now we present to you how to protect yourself.

Many systems already use Log4j, a Java library, for logging application error messages. Apache has discovered a problem that hackers can take advantage of. In fact, hackers are already trying to exploit this vulnerability. Software, open-source, cloud platforms and email services can be compromised. What is Log4j and how is it used?

A reliable method for debugging hair during software development involves printing logs. Essentially, error messages occur in the system. If there were no omissions, we would say that this is a quality and flexible “solution” that everyone needs.

Developed and maintained by the Apache Software Foundation, Log4j can be used on Windows, Linux and Apple’s macOS. Logging is crucial in software development because it shows the state of the system during operation. This is very significant and reveals an attempt to reproduce the error in the process of “debugging”.

Developers use Log4j during different stages of development and for all types of software, online games, business software… What exactly is the problem?

This vulnerability has always existed and was ignored when it was discovered back in 2020. However, Apache has now officially discovered this vulnerability within the Log4j library after LunaSec (Open Source Application Security framework that helps isolate and protect you from 0-day attacks like Log4Shell) identified it in Microsoft’s Minecraft. Software and devices at risk?

Java-based business software and servers use Log4j. Because of their widespread use in software applications and online services, many services are vulnerable. This is a risk for any device that uses Apache Log4j versions 2.0 to 2.14.1 and that accesses the Internet. In fact, a huge number of services use Log4j, such as Apple’s iCloud, Microsoft’s Minecraft, Twitter, Steam, Tencent, Google, Amazon, CloudFare, NetEase, Webex and LinkedIn.

Because it is classified as a zero-day vulnerability, Log4j comes with many consequences. Attackers can break into systems, steal passwords and login information (usually email addresses), and infect networks with malware - as you can exploit this vulnerability with little technical expertise. How to protect yourself? 1) Patches and updates

Your organization (company) should quickly recognize the Internet devices running Log4j and upgrade to version 2.15.0. or newer.

You should also install all updates and security patches released by manufacturers and vendors as soon as they become available. Minecraft has already advised users to update the game to avoid problems. Other open source projects like Paper similarly issue patches to solve problems. 2) Set Firewall rules for Log4j

The best form of protection against Log4j at the moment is to install a firewall for web applications (WAF). If your organization already uses WAF, it’s best to install Log4j policies.

With WAF, you can protect your applications from Log4j problems. 3) Hunting for anomalies

Ask your organization’s security departments to continue to regularly search for anomalies and take action on any alerts generated by Log4j.

Log4j is regularly used in the programming world. As things stand now, security experts, DevOps teams and “white hat hackers” are trying to find out more about this problem.