On Mon, Nov 28, 2016 at 09:53:41AM -0800, Kasper Adel wrote: > Vendor X wants you to run their VNF (Router, Firewall or Whatever) and they > refuse to give you root access, or any means necessary to do 'maintenance' > kind of work, whether its applying security updates, or any other similar > type of task that is needed for you to integrate the Linux VM into your IT > eco-system.
Thus simultaneously (a) making vendor X a far more attractive target for attacks and (b) ensuring that when -- not if, when -- vendor X has its infrastructure compromised that the attackers will shortly thereafter own part of your network, for a value of "your" equal to "all customers of vendor X". (By the way, this isn't really much of a leap on my part, since it's already happened.) ---rsk
