Concerned with Log4Shell or Log4J Vulnerability?

Concerned with Log4Shell or Log4J Vulnerability?

Every Christmas for the last while we have been getting security alerts, last year we got the issues with Solarwinds and this year we got Log4Shell/Log4J CVE-2021-44228 with a CVSS score of 10 (the highest score).

 

Is the Log4Shell or Log4J vulnerability an issue for Opmantek?

No. Opmantek products do not use Java or Log4J, see more details here: Opmantek Products and Apache Log4J Vulnerability.

What is the Log4Shell Vulnerability? 

The Log4Shell is a zero-day vulnerability in Log4J, which allows attackers to execute arbitrary Java code on the remote computers, including accessing sensitive information.  The CVSS score is 10, the highest possible score.  You can read more details here: Log4Shell – Wikipedia.

 

What is Apache Log4J?

Apache Log4J is a popular library used by many products written in Java.  It provides a consistent way for applications to log messages including information, debug, errors, etc.  It has become the primary way Java applications do logging and is widely used.

 

How can Opmantek help you find computers that are using Log4J?

Log4J is a Java library which means that there are files installed onto the computer which Java loads when it runs the program.  You can search for these files using Linux commands and determine if the files exist on the server.

 

You can find a handy How-To guide here: Using opConfig to Detect Log4j on a server


The Log4Shell vulnerability is a serious one and should be treated as such.  Opmantek’s software is not vulnerable to Log4Shell, and if you are using Opmantek software you can use opConfig to assist you to find the computers which need to be patched.

 

4 Best Practices For Automating Your Network Management

4 Best Practices For Automating Your Network Management

This excerpt comes from a blog originally posted on MSP Insights

Murphy’s Law states: “Anything that can go wrong will go wrong.” Equipment always breaks when you’re on vacation, often when the on-call engineer is as far away as possible, and with little useful information from the network management software (NMS).

 

It’s critical for a network to be available 100% of the time and always performing at 100%. Network management is a core component of IT infrastructure that is put in place to minimize disruptions, ensure high performance, and help businesses avoid security issues. Network architectures and networking products handle the brunt of the work, but management tools and technologies are essential for picking up the slack and allowing the shift from reactive to proactive strategies.

 

Network automation can automate repetitive tasks to improve efficiency and ensure consistency in network teams. Ultimately, automation will improve the meantime time to resolve (MTTR) and drive down the total cost of ownership (TCO). Network automation enables staff to gain process and configuration agility while maintaining compliance standards. It will help simplify your network and lower maintenance costs.

 

Save Time And Money With Automation

According to Gartner, “The undisputed number one cause of network outages is human error.” As humans, we all make mistakes, which is why businesses must have comprehensive automation in place. Automation can reduce the likelihood of issues being missed by ensuring consistency and reducing the need for tedious manual configuration. It also can save time, money and improve productivity. The following are four steps organizations can take to build a reliable and agile network through automation.

 

1. Implement Operation Process Automation (OPA)

OPA is about getting the right systems in place to automate repetitive operational tasks to improve efficiency and ensure consistency in operations teams. OPA delivers process automation specifically to IT and network operations teams. As well as emulating actions that network engineers take within a network management system, OPA also can perform advanced maintenance tasks, assist in the interpretation of network data, and communicate effectively with other digital systems to categorize, resolve, and escalate potential network issues. Ultimately, OPA is about improving the MTTR and decreasing the cost of operations.

 

2. Improve Configuration Management

When considering automation solutions to scale your business, a critical variable to consider is time saved through automation compared to the amount of time tasks take if performed manually. A significant amount of administration time is consumed managing configurations and firmware updates, which could be better spent on proactive tasks. Organizations looking to become more efficient should consider an automated network management tool that integrates configuration management to reduce the risk of human errors and enable easier implementation of network-wide changes. This concept is not new, and it is the fundamental basis of making impactful decisions on how your organization can scale.

 

3. Single View Multi-Vendor Support

Most networks are composed of elements from multiple manufacturers. This can create challenges when overseeing the elements of each management system. A better, more efficient approach is to find and deploy management tools that offer true multi-vendor support. This will reduce the number of tools needed for day-to-day tasks and eliminate the need for learning and maintaining multiple management tools, which will improve operational responsiveness and efficiency.

 

4. Policy-Based Management Systems

Many common network administration activities should be handled by the network management system automatically. These systems should not require repeated configuration but be configured through a policy that captures the business rules and ensures that devices are handled consistently. Automated device discovery and classification is another important aspect, automatically determining what the device is, what to monitor, and what type of alerts and events will be generated, all without human intervention.

 

Combining People And Process Automation

According to Forrester, 56% of global infrastructure technology decision-makers have implemented/are implementing or are expanding/upgrading their implementation of automation software. It’s important to note that automation does not mean the replacement of individuals. Instead, it can benefit IT workers, by transferring routine and tedious elements of managing networks to machine learning models that can reduce the noise from the vast number of alerts and notifications. For organizations that are looking to scale, a combination of people and process automation will yield the best results book a demo from our experts to learn more.

Book a Demo

How To Leave Work At 5 PM: Visibility, Event Management & Automation

How To Leave Work At 5 PM: Visibility, Event Management & Automation

This excerpt comes from a blog originally posted on Packetpushers.net

As organizations manage increasingly interdependent network infrastructure in an increasingly chaotic world, how can you, as a Network Operations professional, maintain control of your network without losing control of your time?

The answers are: network visibility, flexible event management, and powerful automation. All of this is possible within Opmantek’s network management platform. The software streamlines workflows and lets network engineers and operators accomplish more work with fewer distractions, allowing them to go home on time.

The Importance Of Visibility

We often hear from network engineers that they don’t know what devices are on the network or where they’re located. This lack of visibility introduces security risks and increases Mean Time To Recovery (MTTR). The ability to see as much of the network as possible on a single dashboard allows for fast response times when you and your team need them most.

The robust network visualization tools built into Opmantek’s opCharts and opEvents give you the ability to see a network and react in real-time to precisely what’s happening with confidence. That’s essential for daily operations and in emergencies. For example, did you know that storm-related outages cost the U.S. economy up to $55 billion every year? When a major storm like Hurricane Sandy blasts through your infrastructure overnight, you’ll be able to identify the points of failure and…READ ON.

Book a Demo

Using a Commercial and Open Source approach to Tackle Network Assurance

Using a Commercial and Open Source approach to Tackle Network Assurance

Join Keith Sinclair as he joins the Passionate About OSS Podcast and talks about how using open source software is a key building block to running your networks. The podcast is also available on Anchor.fmSpotifyGoogle PodcastsRSSPocket CastsBreakerRadioPublic or streamed below;

Show Notes

Have you noticed the rise in trust, but also the rise in sophistication in Open Source OSS/BSS in recent years? There are many open-source OSS/BSS tools out there. Some have been built as side-projects by communities that have day jobs, whilst others have many employed developers / contributors. Generally speaking, the latter are able to employ developers because they have a reliable revenue stream to support the wages. Our guest on this episode, Keith Sinclair, has made the leap from side-project to thriving OSS/BSS vendor whilst retaining an open-source model. His product, NMIS, has been around since the 1990s, building on the legendary work of other open-source developers like Tobias Oetiker. NMIS has since become one of the flagship products for his company, Opmantek. Keith and the team have succeeded in creating a commercial construct around their open-source roots, offering product support and value-add products. Keith retraces those steps, from the initial discussion that triggered the creation of NMIS, its evolution whilst he simultaneously worked at organisations like Cisco, Macquarie Bank and Anixter, through to the IP buy-out and formation of Opmantek, where he’s been CTO for over 10 years. He also describes some of the core beliefs that have guided this journey, from open-source itself, to the importance of automation, scalability and refactoring. The whole conversation is underpinned by a clear passion for helping SysAdmins and Network Admins tackle network assurance challenges at service providers and enterprises alike. Having done these roles himself, he has a powerful empathy for what these people face each day and how tools can help improve their consistency and effectiveness. For any further questions you may have, Keith can be found at: https://www.linkedin.com/in/kcsinclair Disclaimer. All the views and opinions shared in this podcast, and others in the series, are solely those of our guest and do not reflect the opinions or beliefs of the organisations discussed.
[ENSAYO] Una guía para profesionales de TI sobre automatización de procesos de red

[ENSAYO] Una guía para profesionales de TI sobre automatización de procesos de red

Esta guía está diseñada para los gerentes de TI que buscan implementar la automatización de procesos de red en su organización.

Puntos clave:

  • Centrarse en buenas prácticas operativas.
  • Escogiendo las tareas correctas.
  • Manejo de problemas comunes a través de la automatización.
  • Mapeo del proceso de automatización.
  • Ahorro de tiempo.
  • Lista de Verificación.

 La guía habla de el mejor enfoque para la gestión del cambio y la aceptación del equipo, proporciona un marco metodológico para usar cuando se considera la automatización de una tarea manual en un entorno de red y los pasos a seguir para identificar un caso de prueba efectivo para tu organización.

Obtenga el libro electrónico