Accepting a Virtualized Functions (VNFs) into Corporate IT

Rich Kulawiec rsk at gsp.org
Mon Nov 28 18:44:25 UTC 2016


On Mon, Nov 28, 2016 at 09:53:41AM -0800, Kasper Adel wrote:
> Vendor X wants you to run their VNF (Router, Firewall or Whatever) and they
> refuse to give you root access, or any means necessary to do 'maintenance'
> kind of work, whether it's applying security updates, or any other similar
> type of task that is needed for you to integrate the Linux VM into your IT
> eco-system.

Thus simultaneously (a) making vendor X a far more attractive target for
attacks and (b) ensuring that when -- not if, when -- vendor X has its
infrastructure compromised that the attackers will shortly thereafter
own part of your network, for a value of "your" equal to "all customers
of vendor X".

(By the way, this isn't really much of a leap on my part, since it's
already happened.)

---rsk


