nanog mailing list archives

Re: Accepting a Virtualized Functions (VNFs) into Corporate IT


From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 28 Nov 2016 13:44:25 -0500

On Mon, Nov 28, 2016 at 09:53:41AM -0800, Kasper Adel wrote:
> Vendor X wants you to run their VNF (Router, Firewall or Whatever) and they
> refuse to give you root access, or any means necessary to do 'maintenance'
> kind of work, whether it's applying security updates, or any other similar
> type of task that is needed for you to integrate the Linux VM into your IT
> eco-system.

Thus simultaneously (a) making vendor X a far more attractive target for
attacks and (b) ensuring that when -- not if, when -- vendor X has its
infrastructure compromised that the attackers will shortly thereafter
own part of your network, for a value of "your" equal to "all customers
of vendor X".

(By the way, this isn't really much of a leap on my part, since it's
already happened.)

---rsk

