Trooper 3 Posted January 5 Share Posted January 5 Hi everyone, As per this article, https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability it states that if we have Network Attack Protection enabled we are protected. I have that enabled but I do not use the ESET firewall. See picture here. I need to know if we are still protected, or do we need to use the ESET firewall in conjunction with Network Attack Protection to be secure for the Log4J2 exploit? Thanks! Quote Link to comment Share on other sites More sharing options...
itman 1,151 Posted January 6 Share Posted January 6 (edited) An Eset moderator will have to confirm 100% if firewall is required. Based on what is shown here: Quote Network attack protection (IDS) – Analyzes the content of network traffic and protects from network attacks. Any traffic which is considered harmful will be blocked. ESET Endpoint Security will inform you when you connect to an unprotected wireless network or a network with weak protection. https://help.eset.com/ees/9/en-US/idh_config_epfw_ids_rules.html?idh_page_epfw_settings.html My opinion based on the above is the firewall is required. Note what I underlined. That protection is based on Network Inspection processing which is part of the Eset firewall protection. Edited January 6 by itman Trooper 1 Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 3,989 Posted January 6 Administrators Share Posted January 6 Network attack protection works even if the firewall is disabled. Trooper 1 Quote Link to comment Share on other sites More sharing options...
Trooper 3 Posted January 6 Author Share Posted January 6 Thanks to you both. Now how can I setup notifications to be notified of this on an endpoint and/or server? Quote Link to comment Share on other sites More sharing options...
Trooper 3 Posted January 6 Author Share Posted January 6 In addition, would there be a way to test the notification? Thanks. Quote Link to comment Share on other sites More sharing options...
Trooper 3 Posted January 6 Author Share Posted January 6 Should I open up a ticket for these questions? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 3,989 Posted January 6 Administrators Share Posted January 6 17 hours ago, Trooper said: In addition, would there be a way to test the notification? Thanks. You would have to simulate an actual attack to get a notification about security vulnerability exploitation attempt. Trooper 1 Quote Link to comment Share on other sites More sharing options...
Trooper 3 Posted January 6 Author Share Posted January 6 18 minutes ago, Marcos said: You would have to simulate an actual attack to get a notification about security vulnerability exploitation attempt. Got you. Do you know what specific notification would need to be enabled on the endpoint? Quote Link to comment Share on other sites More sharing options...
itman 1,151 Posted January 6 Share Posted January 6 (edited) https://www.picussecurity.com/resource/blog/simulating-and-preventing-cve-2021-44228-apache-log4j-rce-exploits Edited January 6 by itman Trooper 1 Quote Link to comment Share on other sites More sharing options...
Trooper 3 Posted January 6 Author Share Posted January 6 15 minutes ago, itman said: https://www.picussecurity.com/resource/blog/simulating-and-preventing-cve-2021-44228-apache-log4j-rce-exploits Thanks a lot for this link! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.