[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Accepting a Virtualized Functions (VNFs) into Corporate IT

Subject: Accepting a Virtualized Functions (VNFs) into Corporate IT
From: rsk at gsp.org (Rich Kulawiec)
Date: Mon, 28 Nov 2016 13:44:25 -0500
In-reply-to: <CALb2afMbnhUY1C8=_ZtzB4dfF7VGz9Q=M9zWdJ+mu3RDWM1YkA@mail.gmail.com>
References: <CALb2afMbnhUY1C8=_ZtzB4dfF7VGz9Q=M9zWdJ+mu3RDWM1YkA@mail.gmail.com>

On Mon, Nov 28, 2016 at 09:53:41AM -0800, Kasper Adel wrote:
> Vendor X wants you to run their VNF (Router, Firewall or Whatever) and they
> refuse to give you root access, or any means necessary to do 'maintenance'
> kind of work, whether its applying security updates, or any other similar
> type of task that is needed for you to integrate the Linux VM into your IT
> eco-system.

Thus simultaneously (a) making vendor X a far more attractive target for
attacks and (b) ensuring that when -- not if, when -- vendor X has its
infrastructure compromised that the attackers will shortly thereafter
own part of your network, for a value of "your" equal to "all customers
of vendor X".

(By the way, this isn't really much of a leap on my part, since it's
already happened.)

---rsk

Follow-Ups:
- Accepting a Virtualized Functions (VNFs) into Corporate IT
  - From: rbf+nanog at panix.com (Brett Frankenberger)

References:
- Accepting a Virtualized Functions (VNFs) into Corporate IT
  - From: karim.adel at gmail.com (Kasper Adel)

Prev by Date: Accepting a Virtualized Functions (VNFs) into Corporate IT
Next by Date: Comcast business IPv6 vs rbldnsd & PSBL
Previous by thread: Accepting a Virtualized Functions (VNFs) into Corporate IT
Next by thread: Accepting a Virtualized Functions (VNFs) into Corporate IT
Index(es):
- Date
- Thread