
How would zero trust prevent a Log4Shell attack?
2022-01-27 06:30

When Log4Shell is exploited, the vulnerable server itself initiates the outbound connection: the injected JNDI lookup makes it contact an attacker-controlled host on the internet (typically over LDAP or RMI) and fetch the code the attacker wants it to run.

If outgoing traffic from the DMZ to the internet has been prohibited, a Log4Shell exploit can still trigger the lookup, but the server cannot reach the attacker's host, so it never downloads the second-stage code and that stage of the attack stops there.

A strictly defended DMZ can therefore blunt a Log4Shell attack: the exploited server has to fetch the payload over LDAP, RMI or HTTP, and it is hard to imagine a legitimate reason for a DMZ host to use these protocols to reach an arbitrary site on the internet. Zero trust specifies and generalizes the methods and approaches that any well-run DMZ has long applied, and its core requirement is the least privilege principle.

A remote code execution attack does not necessarily need a server on the internet to supply the malicious code: the attacker may stage it on a host that is already reachable from inside the network, or the exploit may rely on code already present on the target. Blocking internet egress alone is therefore not sufficient.

If we follow the principles of zero trust, only the public service of a server in the DMZ can be accessed from the internet.

To limit the consequences of vulnerabilities such as Log4Shell, we must control which resources can be accessed, which other resources each of them may access in turn, and how these rules are enforced on the network, applying the least privilege principle and the other principles of zero trust.


News URL

https://www.helpnetsecurity.com/2022/01/27/zero-trust-log4shell/