EXECUTIVE SUMMARY

The report hereby presents the final findings of the penetration testing report conducted on April 1, 2023, on the internal networks of the firm Khodays India Limited. The findings were critical and discovered several vulnerabilities that could be exploited by the attackers, which can affect the Confidentiality, integrity, and availability of the company’s sensitive information and networks.

The most critical and significant vulnerability observed during the assessment was Log4j which affected all the Java servers with Java Applications. This vulnerability can pave the way for potential attackers to access sensitive data and modify or manipulate the applications and servers. This could result in operational failure and affect the users and employees.

To address this vulnerability, we recommend that Khodays India Limited to update to the latest patched version of the Log4j library or else implement a temporary workaround. Moreover, implement thorough monitoring of the application’s code. Frequent assessment and penetration testing should be implemented to review vulnerabilities that can arise in the future.

By following these commendations, the potential risk that can arise from this vulnerability can be alleviated, ensuring a secure working environment and helping to protect the confidentiality, integrity, and availability of the information and systems of Khodays India Limited.

RISK ANALYSIS

CVE-2021-44228 or Log4j vulnerability has been identified in Apache Log4j software, an open-source logging framework used by various software applications. This vulnerability paves the way for attackers to attack the vulnerability-possessed version of log4j by executing arbitrary code to the servers, creating data loss and operational failure. The CVSS (Common Vulnerability Scoring System) has reported that the versions of Log4j, including 2.0-beta9 to 2.14.1, had a severe threat as it scored a ten (10) on the scoring system. Due to the severity and the impact, it can create, it was considered a critical vulnerability and received widespread attention worldwide. Therefore, Organisations using the versions stated above should be instantly updated and take proper measures to address this vulnerability to prevent data breaches and operational failure.

ASSESSMENT REPORT(LIKELIHOOD)

Figure 1: - Bar graph describes systems with possible chances of risk.

Figure 2: - CVSS score chart of Log4j vulnerability.

Figure 3: - summary of the vulnerability using priority.

Figure 4: -SSH port was found to be open.

Ip address: -

SYSTEM1TEST- 10.174.8.54

SYSTEM2TEST-10.174.8.67

SCOPE OF IMPACT

In the detailed assessment of Khodays India Limited, we have identified specific systems and applications exposed to this vulnerability is pointed it out, and filtered using the severity it can affect.

1.      System1test- Web application server- maintained by Java developers using Apache camel.

2.     System2test: - Application server- used by PHP code analysts.

These systems should be addressed immediately as they have an elevated probability of affecting the vulnerability and consider as a high-priority class.

These vulnerabilities can be exploited easily by a hacker, which allows them to send arbitrary code on these servers and which may cause disruptions to the network. They steal sensitive information such as credit card information, social numbers, user login information, etc., and act to transmit ransomware attacks. It paves the way for cyberattacks on organizations, users, and stakeholders. So, we recommend Khodays India Limited to take quick steps to protect the system and data from log4j vulnerability.

NB: - Updating the logs should follow the change management procedures for flawless execution.

REMEDIATION METHODS

By deeply analysing the situation of Khodays India Limited, we have come up with some strategic solutions to overcome the Log4j vulnerability. These remedies have been classified and structured through different sets of prioritization and thorough reviewing of the vulnerability. We have a specified set of highly qualified individuals who prepare these fixes from short-term to long-term.

Short-term remediation methods: -

These short-term remediation methods focus on immediate sessions to mitigate the vulnerability.

a.     Disabling the log4j and implementing log4j filters: - As log4j is not directly linked with the Operating System, halting it and applying new filters can discard the malicious payloads of the server from the attacker’s network.

b.     Applying the log4j patches released from the Apache Foundation can help mitigate it faster.

c.     Use additional security measures such as Ip filtering, MAC filtering, etc.

d.     Enabling advanced and customized firewall settings.

Mid-Term remediation methods: -

These focus on planning outages and setting up backup and data storage settings on company premises or using a trusted third-party organization.

a.     A broad evaluation should be done to identify the threats, which can also be helpful for long-term efforts.

b.     Security controls such as firewalls, tools like intrusion detection systems, and network segmentation can prevent attacks.

c.     Applications should be moved safely to a separate server and move the components from the Demilitarized zone.

d.     Data screening, data filtering, and data cleansing should be implemented.

e.     Security protocols should be updated and put highly secure policies and enable encryption-based packet filtering and transmission.

f.      Review the file permissions and upgrade them to the company’s needs.

Long-term remediation methods: -

These long-term remediations provide a long -term solutions; they are listed down: -

a.     Upgradation to the newer version of the log4j version can help to mitigate the threat and helps from possible future vulnerabilities.

b.     A revised vulnerability assessment practice should be done to identify and mitigate upcoming attacks.

c.     Redesign the application and web server with completely advanced security tools.

d.     The user permissions must be monitored and restricted access based on their needs.

e.     The security policies should be updated and provide more enhanced security measures.

f.      Provide adequate training to employees and staff about the vulnerabilities and risks they possess.

FUTURE CONCERNS: -

The log4j vulnerability has a critical and damaging effect on the system and can, in turn, steals data from the users and organization. They have severe capabilities which can damage the reputation of Khodays India Limited. and can bring profound loss in profit. Preventive measures such as updating the patch of the log4j application and implementing regular monitoring can help tackle this vulnerability.

Since Log4j is a commonly used login library, it is straightforward to filter the server to prevent it and monitor that everyone is using the latest patch updated version. Many attackers rely on data and sensitive information, from script kiddies to threat groups. So always take a step ahead to prevent data breaches and operational failure.

CONCLUSION: -

The log4j vulnerability is very severe and can result in serious damage to the reputation of the organization as well as to the user’s data. Organizations using these vulnerable versions of Log4j vulnerability should be updated immediately and implement proactive measures. It is advised to all employees and stakeholders to review the servers regularly and prepare an assessment sheet. A patch updating the system and using tools like intrusion detections and firewalls can helps to find these vulnerabilities up to a certain point. Readily available tools, such as Tenable, can help scan log4j vulnerabilities. Staying ahead of the curve is recommended to protect the network and system from vulnerabilities.