Concerned with Log4Shell or Log4J Vulnerability?

Every Christmas for the last while we have been getting security alerts: last year it was the issues with SolarWinds, and this year it is Log4Shell/Log4J, CVE-2021-44228, with a CVSS score of 10 (the highest score).

Is the Log4Shell or Log4J vulnerability an issue for Opmantek?

No. Opmantek products do not use Java or Log4J. See more details here: Opmantek Products and Apache Log4J Vulnerability.

What is the Log4Shell Vulnerability? 

Log4Shell is a zero-day vulnerability in Log4J that allows attackers to execute arbitrary Java code on remote computers, including accessing sensitive information. The CVSS score is 10, the highest possible score. You can read more details here: Log4Shell – Wikipedia.

What is Apache Log4J?

Apache Log4J is a popular library used by many products written in Java. It provides a consistent way for applications to log messages, including information, debug and error messages. It has become the primary way Java applications do logging and is widely used.

How can Opmantek help you find computers that are using Log4J?

Log4J is a Java library, which means that there are files installed on the computer which Java loads when it runs the program. You can search for these files using Linux commands to determine whether they exist on the server.

You can find a handy How-To guide here: Using opConfig to Detect Log4j on a server
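
The file search described above, as a shell function. This is an added example, not Opmantek's How-To or opConfig code; the function name `find_log4j_core` and the `log4j-core*.jar` file-name pattern are assumptions of the example, and the version is read from the file name only.

```shell
#!/bin/sh
# Added example: inventory log4j-core jar files under a directory tree.
# Prints one line per jar: "<version><TAB><path>". The version is
# "unknown" when the file name carries none (for example a renamed copy).
# Jars bundled inside other archives (war/ear/fat jars) are not opened.

find_log4j_core() {
    root=${1:-/}
    # -xdev keeps the search on one filesystem so network mounts are not
    # crawled; permission errors are discarded so the scan carries on.
    find "$root" -xdev -type f -iname 'log4j-core*.jar' 2>/dev/null |
    while IFS= read -r jar; do
        # Lower-case the base name so the pattern below is case-insensitive.
        name=$(printf '%s\n' "${jar##*/}" | tr 'A-Z' 'a-z')
        # log4j-core-2.14.1.jar -> 2.14.1 ; log4j-core.jar -> (empty)
        ver=$(printf '%s\n' "$name" |
              sed -n 's/^log4j-core-\([0-9][0-9a-z.-]*\)\.jar$/\1/p')
        printf '%s\t%s\n' "${ver:-unknown}" "$jar"
    done | sort
}

# Run as: sh find_log4j.sh /opt   (scans only when a directory is given)
if [ "$#" -gt 0 ]; then
    find_log4j_core "$1"
fi
```

Compare the reported versions against the Apache advisory for CVE-2021-44228 to decide which servers need patching; an `unknown` entry needs manual inspection.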


The Log4Shell vulnerability is a serious one and should be treated as such. Opmantek’s software is not vulnerable to Log4Shell, and if you are using Opmantek software you can use opConfig to help you find the computers which need to be patched.

How to stabilise & audit using network configuration and compliance monitoring

What is Network Configuration and Compliance Monitoring

Network Configuration and Compliance Monitoring (or NCCM) is a system that works closely with all devices in a set network, transmitting and receiving data from a wide range of devices to ensure that everything is acting in a compliant manner. In addition to this, NCCM can ensure that your devices are configured correctly, and in the case that they are not, can schedule reconfigurations at a time that is convenient to the user.

Automating NCCM processes is often required because companies frequently have thousands of devices that cannot be handled manually; automation makes the entire process far simpler and more accurate. One example of an NCCM is Opmantek’s “NMIS”, a network management system designed to offer comprehensive information to network engineers to assist in the diagnosis and resolution of network problems.

Change detection and rectification

When dealing with a device configuration, there are relatively few commands that you need to be aware of to know exactly how it is set up. In theory, by remembering these and applying them to a new device, it should act identically to the previous one. When these configurations change and nobody is informed, however, it can become incredibly difficult to replace the device should it become faulty.

By implementing effective change detection, which discovers any configuration adjustments in a device, you can stay on top of all of your device configurations and replace them with ease. Additionally, you can receive alerts to let you know of every configuration change, and how many times the configuration has changed. This change detection can be used with products such as “opConfig”, which processes and records configuration changes across entire networks.

Device configuration changes

The configuration backups are all saved without restriction, so reverting to any previous configuration is incredibly simple. Your NCCM can keep hourly backups of your configuration settings, allowing you to revert a device, router or switch to a previous version from when the device was working as intended. This will either resolve the issue or inform you that the issue is likely with the hardware in use (in which case you can simply install new hardware with the successful configuration in place).

Servers and network scanning

In addition to tracking the configuration of your devices, it’s also possible to use an NCCM as a performance tracking tool. By performing automated network management, the system is also taking in significant amounts of data, including the levels of packet loss within servers over a set period of time. This can help you in an audit to establish whether the performance of a particular server is degrading. If the performance declines, you can compare this data with configuration changes to ensure that your network is using the optimal settings, and resolve the issue without having to go through a more thorough investigation of your network. The data is already collected and ready to be analysed.

Try Opmantek’s products

If you’re interested in Opmantek’s range of products and would like to learn more, listen to Packet Pushers’ episode with Keith Sinclair, or contact us today. We are proud to offer effective solutions to IT departments, providing meaningful and actionable data to assist in the troubleshooting process.

3-Steps To Increase Your Automated Event Management

Recent advances in Operational Process Automation at Opmantek mean that our MSP customers can deliver exceptional value to their clients, exceeding their SLAs whilst becoming incredibly sticky.

Are you facing any of the challenges below?

  • Cost pressures as clients try to drive down prices.
  • Ability to meet your SLAs due to overworked technical teams.
  • Absolute reliance on one or two technicians to keep your clients happy.
  • Challenges in retaining level 3-4 technical resources.
  • Significant burdens in maintaining accreditation.
  • Managing increasingly complex client networks.
  • Retaining skills associated with client legacy networks.

Resolve these challenges with incredibly rapid ROI and amazingly low TCO

Opmantek has long believed that Operational Process Automation is one of the foundational pillars for a successful network management strategy. A key piece to this is ensuring that actions are undertaken in a consistent manner each time, with no variation from what is outlined as the standard protocol.

This will help you to:

  • Simplify the procedure
  • Reduce cost
  • Deliver consistent outcomes with your agreed SLAs

Through the use of “context sensitive event actions”, you may now replicate troubleshooting actions and escalation procedures, dynamically.

Example Use Case

1. Issue with Cisco Interface Identified

Here’s the event log for the entire network. Our event management system automatically parses incidents on your client’s networks into Events.

2. Context sensitive action bar initiated

Once a specific event has been identified “Context Sensitive Actions” are displayed against the event either automatically or by guiding your NOC team through the steps to remediate.

3. Cisco remediation commands executed

The system automatically creates a ticket in the system, pings the affected nodes and Troubleshoots (TS) the Cisco Interface. Once those actions conclude, the results are displayed on the event itself! The operator may now take further action or simply close out the Ticket.

All of this can happen without the NOC or your client knowing there was ever an issue. Save time, save money and increase your clients’ satisfaction. If you’re interested in taking advantage of these incredible capabilities, please fill in the form below.

Book a Demo

[White Paper] NMS Security Architecture Considerations and Approaches

This whitepaper by Anthony Kirkham, Principal Consultant of Neon Knight Consulting, covers how organizations can increase the probability of detecting breaches using actionable guidance that will strengthen their Network Management’s security posture. Download the asset below.


Key Points:

    • How quick detection may be the difference between being able to respond quickly and effectively, or, incurring a severe business and reputational impact.
    • Practical guidance & solutions on securing Network Management systems and associated infrastructure
    • Mitigation Strategies to Prevent Malware Delivery and Execution
    • Mitigation Strategies to Limit the Extent of Cyber Security Incidents
    • Mitigation Strategies to Recover Data and System Availability
    • Tools & techniques that can be used to provide high value in improving the security posture through Visibility.
    • Why Align with Zero Trust Architectures
    • & more!

Get the White Paper

4 important Open-Source Network Management Statements Addressed

To Open-Source or to not Open-Source, that is the question.

Does your company use Apache, Tomcat or Linux? Do you use Wireshark? If you do, you are already using open-source software.

Open-Source software is cost-effective assuming that you have IT staff, good training, documentation and access to quality support.

Yes, that’s true. But that can be true for any software product that your technical team is responsible for. However, you will blow out costs if you choose the wrong software, lack commitment, have skill set issues, or suffer from implementation problems or other long-term problems.

At Opmantek, we never want this for our customers. Before COVID-19, we offered on-site training, which we’ve now switched to remote. (We look forward to meeting our customers again face-to-face.) We have a complete turnkey implementation service (sometimes referred to as white glove). We offer further development and customization to suit your business, as well as advice and recommendations through our consulting services. And most importantly, we offer complete support for all our Open-Source and Commercial products.

Open source isn’t counterculture anymore. It’s the establishment.

Klint Finley – Wired.

Open-Source software that comes with commercial modules will provide you access to enterprise features.

True. At Opmantek, our business was initially providing commercial support for the Open-Source products and due to demand for enterprise and MSP features, additional commercial modules were developed to fill customer requests. Our Enterprise Support customers also help guide our product roadmap.

Open-Source software is continually evolving through community activity.

At Opmantek, our community is made up of the Open-Source users, Customers and our staff. We pay our development staff to maintain and continue the development of the open-source products and to support the community as well as improving and maintaining our commercial modules.

Open-Source software support is commercially available for the product.

Opmantek offers commercial support for the Open-Source software. Rather than repeat ourselves you can read all about our support here.

Even Microsoft went from “Linux is a cancer” to “We love Linux”.

They now use and release open-source software such as their popular .NET programming framework, and they even use Linux to run parts of their cloud service Azure and have shared their own Linux tools within the community.

Open-source software is not a dirty fork, it’s the way of the future.

Background:
Opmantek provides the Open-Source software NMIS and Open-AudIT Community and has provided commercial support for these products for almost 10 years. Opmantek has further developed these products over the years, while keeping them open-source and offering commercial enhancements (Enterprise features, MSP features, huge scaling capabilities and automation) via additional modules that make up Opmantek’s Automated Network Management Software. It can be used on any network and monitor any device.