On Mon, Nov 28, 2016 at 01:44:25PM -0500, Rich Kulawiec wrote:
> On Mon, Nov 28, 2016 at 09:53:41AM -0800, Kasper Adel wrote:
> > Vendor X wants you to run their VNF (Router, Firewall or Whatever) and they
> > refuse to give you root access, or any means necessary to do 'maintenance'
> > kind of work, whether it's applying security updates, or any other similar
> > type of task that is needed for you to integrate the Linux VM into your IT
> > eco-system.
>
> Thus simultaneously (a) making vendor X a far more attractive target for
> attacks and (b) ensuring that when -- not if, when -- vendor X has its
> infrastructure compromised that the attackers will shortly thereafter
> own part of your network, for a value of "your" equal to "all customers
> of vendor X".
>
> (By the way, this isn't really much of a leap on my part, since it's
> already happened.)
Sure. But that's mostly the risk of running a black-box appliance. It doesn't
really matter if it's a VM or a piece of hardware. Businesses that are
comfortable with physical appliances (running on Intel hardware under the
covers) for Router/Firewall/Whatever accept little additional risk if they
then run that same code on a VM.

(Sure, there's the possibility of the virtual appliance being compromised,
and then being used to exploit a hypervisor bug that allows breaking out of
the VM. So the risk isn't *zero*. But the overwhelming majority of the risk
comes from the decision to run the appliance, not the HW vs. VM decision.)

-- 
Brett