SafeDNS Recognized as a Must-Have IT Tool for IT Professionals

GetApp, an established software review and recommendation engine, featured SafeDNS in its “10 Must-Have IT Tools for IT Professionals” report. SafeDNS was listed with an overall rating of 4.7 and an overall positive rating of 97%.

Not only this, SafeDNS is a winner of not 1 but 2 GetApp Category Leaders reports in the first half of this year! Check out our incredible win:

SafeDNS has been a top-rated product on GetApp. Our users have made it possible! Check out our performance on GetApp.

Here’s what our users have to say about us:

“SafeDNS is a really great product, we have been using it for over 5 years now and it’s really robust. We deploy for all our customers’ internal networks and this includes our Azure infrastructure and it just works.”

Jason T.

“We have been using this software for years and are very happy with the results. School and Parents are grateful for the safety this software brings to us. When I check our stats and can see the protection that is being provided. Makes us very happy.”

Ruth P.

About SafeDNS
SafeDNS works to make the internet safer for people all over the world, with solutions ranging from AI- and ML-powered web filtering and cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Log4Shell: How to Mitigate the Log4j Vulnerability (CVE-2021-44228)

At the end of 2021, the whole digital world was hit by a new cybersecurity flaw named Log4Shell. The vulnerability is considered one of the worst discovered in recent years. It scored 10 out of 10 points on the CVSS vulnerability rating scale, and it puts countless servers at risk.

What is Log4Shell?

On December 9th, a critical vulnerability that allows arbitrary code to be executed was discovered. It was assigned the identifier CVE-2021-44228.

Log4Shell is a vulnerability in the open-source logging library Log4j version 2, which is used by millions of Java-based applications and servers to log error messages. Digital giants such as Tesla, Twitter, Apple iCloud, and Amazon, along with millions of other companies, use the Log4j library.

The Log4j library has a lookup substitution function. The Log4Shell vulnerability exists because lookup substitutions are not sufficiently protected when handling user-controlled input. Unauthenticated users can exploit this vulnerability via a web request to execute arbitrary code with the permission level of the running Java process.

The first world-famous target was Minecraft. On December 10th, people started sharing videos showing that, while playing online, they could simply insert code into the chat on the server and seize control of the server. But most likely, everything started earlier. Cloudflare, a content delivery network and DDoS mitigation services provider, checked its systems and noticed that the first attempted attack on its clients using the Log4Shell vulnerability took place on December 1st.

What makes Log4j uniquely dangerous even though you seem protected

Exploiting the Log4Shell vulnerability allows hackers to achieve Remote Code Execution (RCE) and remotely take full control of the victims’ systems. Hackers are already actively exploiting this vulnerability. Over the last week, ransomware groups have added this exploit to their toolsets and are using it to disrupt normal business operations, exfiltrate data, and make affected servers unavailable to customers.

Another point that makes Log4Shell so dangerous is the simplicity of exploitation. Even “junior” hackers can use this exploit. To gain control over the victim’s system, a hacker inserts the code anywhere this library handles input (a form on the website, the website URI, the browser User-Agent, or text in a support chat), and it will lead to code execution.

The whole Java world is trying to deal with Log4Shell and emphasizes that it is the highest possible priority for businesses of all sizes. Cisco, Apple iCloud, Microsoft, and many other huge technology companies have already stated that some of their systems were vulnerable, but they are fixing them. For small companies without a cybersecurity department, however, it might be quite hard to mitigate the attack independently.

Which Version Is Not Affected?

Almost all versions of Log4j version 2 are affected. On December 14th, version 2.15 was found to still have a possible vulnerability. A few days later, a Denial of Service (DoS) vulnerability was found in 2.16 too. The developers have already prepared version 2.17 and, as of December 20th, recommend updating the library again.

How to Mitigate the Log4Shell Vulnerability? First aid actions

Have your IT/DevOps team give high priority to patching or mitigating this vulnerability. This is worth immediate effort.

Update

It was previously thought that turning off the lookup substitution function was enough to avoid being vulnerable to Log4Shell. But after a few days, it turned out that it doesn’t work like that. Generally, the main action now (on December 20th) is to update the Log4j library to 2.17, which is supposed to be safe and has lookups turned off.

“To my satisfaction, our programs are not written in Java,” you might think. But the point is that you may have hundreds of different systems, and most likely they were not developed by an in-house team but by third parties, as is usually the case. Therefore, you might not even know what is inside these systems. In this case, you should look at the product’s website or contact support for instructions on what to do to be safe.
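One way to check what is inside third-party Java systems, as an added example that is not part of the original article: it looks for the Maven metadata that log4j-core carries inside its JAR, recursing into WAR, EAR and fat-JAR bundles, and flags any copy older than the 2.17 release the article recommends. The function names (`scan_archive`, `scan_tree`, `make_jar`) and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile
from pathlib import Path

MIN_SAFE = (2, 17)  # threshold from the article: 2.17 is recommended as of December 20th
# Maven metadata shipped inside log4j-core; unlike the file name, it survives renaming.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")
MAX_DEPTH = 5  # stop on pathological nesting

def scan_archive(data, label, depth=0):
    """Return [(location, version, needs_update)] for each log4j-core copy in an archive."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # unreadable archive: nothing to report
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                text = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=((\d+)\.(\d+)\S*)", text, re.M)
                if m:
                    old = (int(m.group(2)), int(m.group(3))) < MIN_SAFE
                    findings.append((label, m.group(1), old))
            elif name.lower().endswith(ARCHIVE_EXT) and depth < MAX_DEPTH:
                # Libraries are often bundled inside WAR/EAR/fat-JAR files: recurse.
                findings += scan_archive(zf.read(name), f"{label}!{name}", depth + 1)
    return findings

def scan_tree(root):
    """Scan every Java archive under a directory tree."""
    paths = (p for p in Path(root).rglob("*") if p.is_file() and p.suffix.lower() in ARCHIVE_EXT)
    return [f for p in paths for f in scan_archive(p.read_bytes(), str(p))]

def make_jar(entries):
    """Build an in-memory archive from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: a vendor WAR bundling a renamed log4j-core 2.14.1.
    inner = make_jar({POM_PROPS: b"version=2.14.1\nartifactId=log4j-core\n"})
    war = make_jar({"WEB-INF/lib/logging.jar": inner})
    for loc, ver, old in scan_archive(war, "vendor-app.war"):
        print(f"{loc}: log4j-core {ver} -> {'UPDATE' if old else 'ok'}")
```

A repackaged build that strips the Maven metadata will not be found this way, so an empty result does not replace the vendor's own statement.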

Constant Security Monitoring

The Log4Shell vulnerability is one of many critical vulnerabilities found during the past ten years, and the situation is constantly evolving. The only way to see what is happening inside your system is to have 24×7 security monitoring and threat remediation and response. It will help you identify your vulnerable internal and external assets, patch production, and review your log files for any Remote Command Execution attempts. Security analytics can see attempts to exploit the Log4Shell vulnerability in the logs and block them*.

*For just one client, the UnderDefense Managed Detection and Response team blocked six attempts to exploit this vulnerability only a week after the vulnerability was discovered.

A Firewall Is Not a Panacea

A firewall can block attempts to exploit the Log4Shell vulnerability, but it is not a panacea, because the firewall’s main task is “not to pass such text,” while the exploitation of this vulnerability can vary. Hackers can easily make the text not match 100% by writing the same code in different ways, so that it still works and bypasses the WAF. Accordingly, a WAF is not enough, but it still shouldn’t be neglected.

Enable blocking on your Web Application Firewall, whether AWS WAF, Cloudflare, or any other WAF you have, or directly on your web server, reverse proxy, or load balancer.

Penetration Testing

After remediating this vulnerability with your DevOps team, it is worth running a penetration test to ensure that external and internal systems are patched correctly and that other, older vulnerabilities are not exploitable. Generally, pentesters will do the same as hackers do: try to conduct an attack on the vulnerable system. But don’t forget about other vulnerabilities that existed before Log4Shell and didn’t disappear. It is like having 12 bad teeth but treating only one of them. So, when conducting a pentest, it is better not to test for only one vulnerability.

Conclusion

After December 9th, developers thought that users could simply turn off lookups in the Log4j library to fix the vulnerability. But a few days ago it turned out that this method doesn’t work, and millions of systems remain vulnerable. Developers advised updating the Log4j v2 library to 2.16, and people did. But recently a vulnerability was also found in 2.16, and now there is version 2.17, which is supposed to be safe.

The situation is evolving. Log4Shell is something new, something dangerous, and something that is not studied enough. We recommend that you keep your finger on the pulse and take care of your cybersecurity.

About UnderDefense
UnderDefense, a globally top-ranked firm by Gartner and Clutch, provides cyber resiliency consulting and technology-enabled services to anticipate, manage and defend against cyber threats. We empower clients to predict, prevent, detect, and respond to threats.

Assessing Risk Across the Entire OT Architecture

A SCADAfence New Feature Report

Here is the standard, old-school way of automated risk assessment across an OT network: First, scan each device individually. Then evaluate its specific level of risk based on the device’s known vulnerabilities, exposure outside the network, level of criticality to operations, and several other factors. If the device creates a risk, the system issues an alert. This is probably how your current system operates, and overall you likely think that works pretty well.

But the truth is that this approach leaves a large opening in your overall security, because each device doesn’t just exist in its own bubble. It has a specific place as part of a larger network, and it needs to be analyzed as such. Therefore, the SCADAfence Platform organizes logical groups of connected devices into units called “security zones.” A security zone might be a number of PLCs all on the same line, groups of engineering stations, or groups of devices that exist in the same area of the network.

The SCADAfence Platform’s new Architecture Risk Assessment feature provides insights into OT network risks based on automated assessments of each security zone and interactions between devices in separate zones. This method uncovers risks that would otherwise be missed.

Detecting Risks Across Security Zones

SCADAfence’s security experts have designed a method to evaluate each security zone in a more holistic manner and rate the risk from each zone to the overall architecture of your OT network.

Architecture Risk Assessment mimics the mind of a top security expert who analyzes the entirety of a network. It closes the gap between the current practice of alerting only on security issues of individual devices and the best-practice risk assessment methodologies of security experts who assess the entire network. The end result is more high-level risks being detected across your OT network. Also, it allows network administrators to reduce risks to their network and identify potential problems before incidents occur.

Without this functionality, you would require an analyst to manually review and analyze the traffic between security zones, and identify possible risks. And of course, reviewing things manually is more time consuming, more expensive, and would overlook many important risks. 

The Architecture Risk Assessment feature can be used during the risk assessment / security posture process which is typically performed before introducing new security controls, or it can be scheduled to be re-run periodically. 

Use This Feature Out-Of-The-Box or Customize It

The SCADAfence Platform has built-in rules that alert on insecure behavior between assets when they are interacting across security zones. For example, the system will alert if it detects administrative access from an external network to critical process equipment inside the OT network. Other systems, that alert only on activities of an individual device, would overlook this risk.

In addition to the built-in rules, the Architecture Risk Assessment functionality allows user-defined rules to be added as well.

The SCADAfence Platform Architecture Risk Assessment Feature evaluates the security risk across logical zones and allows user-defined rule sets.

Summary of Benefits of Architecture Risk Assessment

  • Automatically identify potential risks to your OT network caused by architectural weaknesses such as lack of network segmentation.
  • Understand additional layers of risk caused by activity happening between groups of assets in addition to risks caused by weaknesses of individual assets.
  • Out-of-the-box expertise for architecture risk assessment.
  • Save your organization time and money. No more need for manual analysis and review of traffic between network zones.

SCADAfence New Feature Reports is an occasional series of blogs exploring the many newly added features of the SCADAfence Platform in detail. For more information or to see SCADAfence in action, request a personalized demo.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.