On Mon, Nov 28, 2016 at 09:53:41AM -0800, Kasper Adel wrote:
Vendor X wants you to run their VNF (Router, Firewall or Whatever) and they refuse to give you root access, or any means necessary to do 'maintenance' kind of work, whether its applying security updates, or any other similar type of task that is needed for you to integrate the Linux VM into your IT eco-system.
Thus simultaneously (a) making vendor X a far more attractive target for attacks and (b) ensuring that when -- not if, when -- vendor X has its infrastructure compromised that the attackers will shortly thereafter own part of your network, for a value of "your" equal to "all customers of vendor X". (By the way, this isn't really much of a leap on my part, since it's already happened.) ---rsk