Just out of curiosity, if Connect to Command Center....

This topic is closed.
  • Just out of curiosity, if Connect to Command Center....

    Just out of curiosity, if Connect to Command Center is disabled and has been disabled on an install for months now, how is it that Threat History in the Command Center is populated with all the occasional attachments that have triggered Virus Blocker on that install?

  • #2
    Originally posted by fasttech
    Just out of curiosity, if Connect to Command Center is disabled and has been disabled on an install for months now, how is it that Threat History in the Command Center is populated with all the occasional attachments that have triggered Virus Blocker on that install?
    First of all, why would you disable Command Center?

    • #3
      I'm pretty sure it connects anyway, I'm just not sure exactly when. Possibly on admin login? I've seen the same behavior at times, but never took the time to look into it.
      Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
      NexgenAppliances.com
      Phone: 866-794-8879 x201
      Email: [email protected]

      • #4
        Originally posted by dashpuppy
        First of all, why would you disable Command Center?
        Maybe because they might be vulnerable to log4j etc.

        Just because you know you are paranoid doesn't mean they are not after you.
        Last edited by donhwyo; 12-20-2021, 07:16 AM.

        • #5
          Originally posted by donhwyo
          Maybe because they might be vulnerable to log4j etc.

          Just because you know you are paranoid doesn't mean they are not after you.
          Turning off the Command center doesn't make sense to do at all...

          • #6
            Untangle's Command Center is hiding behind Cloudflare's Web Firewall, which has been dealing with Log4j far longer than anything else.

            Not to mention its age, I'd be highly surprised if Untangle built it based on any JAVA at all to have Log4j involved. If they did, that was rather silly of them. But regardless, I'd assume such a platform is already updated to a version of Log4j that isn't hopeless?

            As for the Command Center, as a matter of principle I also have that feature disabled on all of my units, my NFR is one exception. Why? Because the systems in question ARE NOT MINE! They each belong to someone else that I'm providing support for. It's not appropriate to have them all piled up in my Command Center, exposing them all to my technical risks as well as their own.

            Secured Islands, it's a concept critical to defense in depth. You ask why would you turn that off, and I respond why did you turn it on?
            Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
            NexgenAppliances.com
            Phone: 866-794-8879 x201
            Email: [email protected]

            • #7
              Confirming Command Center is not vulnerable to the recent log4j vulnerabilities.
              Heather P
              Arista Edge Threat Management Team

              • #8
                Originally posted by sky-knight
                Untangle's Command Center is hiding behind Cloudflare's Web Firewall, which has been dealing with Log4j far longer than anything else.

                Not to mention its age, I'd be highly surprised if Untangle built it based on any JAVA at all to have Log4j involved. If they did, that was rather silly of them. But regardless, I'd assume such a platform is already updated to a version of Log4j that isn't hopeless?

                As for the Command Center, as a matter of principle I also have that feature disabled on all of my units, my NFR is one exception. Why? Because the systems in question ARE NOT MINE! They each belong to someone else that I'm providing support for. It's not appropriate to have them all piled up in my Command Center, exposing them all to my technical risks as well as their own.

                Secured Islands, it's a concept critical to defense in depth. You ask why would you turn that off, and I respond why did you turn it on?
                I really hope Untangle works on some proper 2FA stuff in 2022. This simple email 2FA code is not acceptable these days and should be resolved... It's one of the things I get questioned every day about selling more Untangle appliances and stuff, do they have proper 2FA yet? When I say no, people drop the conversation and say then we won't use the product then.

                • #9
                  Originally posted by dashpuppy
                  I really hope Untangle works on some proper 2FA stuff in 2022. This simple email 2FA code is not acceptable these days and should be resolved... It's one of the things I get questioned every day about selling more Untangle appliances and stuff, do they have proper 2FA yet? When I say no, people drop the conversation and say then we won't use the product then.
                  Well, in theory the Command Center can be SSO'd to M365 or GSuite, and therefore use the 2FA there, but I've only managed to lock myself out. Ticking the box enforces the requirement, but there's no setup! And if there's documentation on how that process works I've sure missed it.

                  But without MFA on the LOCAL ADMIN LOGINS to all products in question, properly 2FA'ing the Command Center is largely moot.

                  And yes, this should have been in the product ages ago, we were PROMISED it to be in the product when they inserted OpenVPN to the phrase after the fact and let us all down. Not that we don't need that too... but still.
                  Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
                  NexgenAppliances.com
                  Phone: 866-794-8879 x201
                  Email: [email protected]

                  • #10
                    Vulnerable to log4j may be the reason.

                    • #11
                      I'm curious too. Is it vulnerable?

                      • #12
                        Command Center is NOT vulnerable to log4j!

                        It was only ever brought up as an example... if not log4j today, what new vulnerability tomorrow? I.e., if you're not really using it because you only have one Untangle installation and have good VPN/remote access set up on your own, Command Center only represents increased attack surface.
                        Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5.2 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty

                        • #13
                          Exactly due to the nature of NGFW, and Microedge, the Command Center is always additional attack surface.

                          The question is, does the additional attack surface do something for you that makes it worth the risk? That's something everyone has to answer on their own.

                          But no, I do not believe Command Center uses Java code, which means no Log4j at all to be vulnerable in this case. But again EVEN IF IT DID, it'd still be mitigated because the command center is 100% behind CloudFlare's amazing proxy service. And Cloudflare was very much out in front on the log4j situation just as they are everything else.

                          Untangle is paying the right people to secure access to Command Center, it's gold star, doesn't get any better. Untangle has Untangle'd Command Center. You don't have to functionally worry about it.

                          The product is missing features, but it's deployed very well.
                          Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
                          NexgenAppliances.com
                          Phone: 866-794-8879 x201
                          Email: [email protected]

                          • #14
                            Originally posted by sky-knight
                            Exactly due to the nature of NGFW, and Microedge, the Command Center is always additional attack surface.

                            The question is, does the additional attack surface do something for you that makes it worth the risk? That's something everyone has to answer on their own.

                            But no, I do not believe Command Center uses Java code, which means no Log4j at all to be vulnerable in this case. But again EVEN IF IT DID, it'd still be mitigated because the command center is 100% behind CloudFlare's amazing proxy service. And Cloudflare was very much out in front on the log4j situation just as they are everything else.

                            Untangle is paying the right people to secure access to Command Center, it's gold star, doesn't get any better. Untangle has Untangle'd Command Center. You don't have to functionally worry about it.

                            The product is missing features, but it's deployed very well.
                            Now they just need to set up proper 2FA instead of email 2FA codes. DAMN, I can wish hard on this!

                            • #15
                              Originally posted by dashpuppy
                              Now they just need to set up proper 2FA instead of email 2FA codes. DAMN, I can wish hard on this!
                              The only thing worse than bad software is good software that's almost perfect!
                              Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
                              NexgenAppliances.com
                              Phone: 866-794-8879 x201
                              Email: [email protected]
