The recent Log4j vulnerability affects everything from the cloud to developer tools and security devices
Here at Webicious we take internet security very seriously. It’s easy for any company to create a website, find a server and host some content on the internet – however, that is only a small part of what’s involved, there is a huge amount of other work involved to maintain security and privacy of data.
It would be a huge task to monitor the internet for every security vulnerability and respond quickly to any emerging threat. Our customer’s data is too important to take that risk, and that is why we work with companies like Cloudflare to implement security frameworks and a web application firewall. Put simply, all internet traffic to any of our servers is first routed through the Cloudflare firewall where common vulnerabilities are identified and blocked at the network edge without our servers ever being at risk.
This firewall prevents routine DDoS attacks, it blocks malicious bots that seek to damage websites, it prevents data breaches, and it ensures that every piece of traffic to and from our servers uses SSL/TLS transport for encrypted connections preventing man-in-the-middle attacks.
By utilising specialist partners for services such as this, our clients can have peace of mind that threats and vulnerabilities are responded to quickly. This is Cloudflare’s core business, and as such we benefit from their specialist teams monitoring this day and night. A full timeline is published of the actions taken and when. When the first reports were circulating late in the day on 09 December 2021, Cloudflare was working on the solution that evening – by the following morning the Web Application Firewall rules were identified and deployed. Before most people had read of Log4j, our servers were already protected through Cloudflare’s actions.
The software libraries still required patches to be applied to fix the security bug – but the Cloudflare firewall is the first line of defence to protect systems while these patches are rolled out. All of our affected systems are updated for critical security patches as soon as they are released giving our clients peace of mind.
What is Log4j?
Log4J is a widely used Java library for logging errors in applications. It is used in many software applications and forms a major part of cloud computing services.
Where is Log4j used?
The library is mainly used in enterprise Java software including web hosting and development frameworks.
Which applications are affected by the Log4j flaw?
Because Log4j is so widely used, the vulnerability may impact a very wide range of software and services from many suppliers. An application is vulnerable “if it consumes untrusted user input and passes this to a vulnerable version of the Log4j logging library.”
How widely is the Log4j flaw being exploited?
Security experts have estimated that there are hundreds of thousands of attempts by hackers to find vulnerable devices.
So what is Cloudflare?
Click here for everything you want to know.
