Defense-In-Depth Security Strategy in Log4j Vulnerability Analysis

Software system are ubiquitous and play an important role, failure of these systems can damage the entire enterprise and in the worst case result in irreparable losses. Logs have been used for many reasons, including security compliance, monitoring, debugging, and business analytics. Alibaba's...

Full description

Saved in:
Bibliographic Details
Published in2022 International Conference Advancement in Data Science, E-learning and Information Systems (ICADEIS) pp. 01 - 04
Main Authors Feng, Sylvia, Lubis, Muharman
Format Conference Proceeding
LanguageEnglish
Japanese
Published IEEE 23.11.2022
Subjects
Codes
Containers
Defense-in-depth
Java
Law enforcement
Libraries
Log4j
Mitigation
Organizations
RCE
Software systems
Vulnerabilities
Online AccessGet full text

Cover

More Information
Summary:Software system are ubiquitous and play an important role, failure of these systems can damage the entire enterprise and in the worst case result in irreparable losses. Logs have been used for many reasons, including security compliance, monitoring, debugging, and business analytics. Alibaba's cloud protection division Chen Zhao Jun discovered new vulnerabilities. Vulnerabilities found in Apache's logging library called Log4j, exploit code released on log4 due to serious law enforcement issues. There are five mitigations process to build defense-in-depth to protect organization from Log4j vulnerabilities. These systems together will permit your security group to respond to assaults focusing on this weakness, block them, and report on any impacted running holders early. CVE-2021-44228 are as yet being effectively examined to appropriately distinguish the full extension seriousness. Given the available information, these weaknesses might have a high effect at present and in the future.
DOI:10.1109/ICADEIS56544.2022.10037384