Lots of firms have been scrambling to patch systems that use log4j due to the recent vulnerability that has been announced.
Replify are pleased to confirm that none of our products use log4j. This means all Accelerator Clients, Virtual Appliances and Enterprise Managers are unaffected by this vulnerability.
Recommendations for Public Internet Appliances
Replify Accelerator is usually deployed on Enterprise environments that are behind a firewall or VPN. However some of our customers have virtual appliances and enterprise managers exposed to the internet.
For these environments, we recommend taking reasonable security precautions.
- Protect your appliance with a firewall. Only expose TCP ports that need to be exposed on the internet. For example, does the Admin GUI need to be available to all users?
- Use SSH private key authentication for remote access to the appliance
- Use HTTPS when accessing the GUI and force HTTPS redirection for any HTTP requests. Note that the default certificate and CA can be re-configured or replaced with your own certificates
- Configure the appliance to encrypt all data connections using TLS v1.3
- Review the TLS configuration for any application servers that have been added to the appliance
- Configure Secure Peer Authentication to ensure that only authorized clients can connect to the appliance
See the our Resources page for links to manuals if you need help configuring the above.
If you have any queries or concerns regarding using a Replify Accelerator Virtual Appliance on the internet, please get in touch at contact@replify.com