Re: [PLUG] Fwd: VMware Releases Security Update

brent timothy saner on 17 May 2018 05:27:34 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Fwd: VMware Releases Security Update

From: brent timothy saner <brent.saner@gmail.com>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] Fwd: VMware Releases Security Update
Date: Thu, 17 May 2018 08:27:20 -0400
Autocrypt: addr=brent.saner@gmail.com; prefer-encrypt=mutual; keydata= xsFNBFKm0mgBEADSI5oeyqRYZ8YWxPbux4CeqaMNh4etuyJmglDRCQB9t1XlvhMDLZWQNqm+ ORBN3YGISUu+X55p10lK/O1w/85zXkAV7Qe6fkvUzSx0tbPWLu4rn4zH9JgTExElhFRv143H W/EKehejEetkNz6JSwGUXNiF5qh1GbKLOmShbmCSKXLcmw05Qj4ELmhkH9OWXpeM0EHmWIEK VSeoIim/g1MYYxKOb1wY3DEubY9zn3lfz9xfLq/xlFMepDyNAEer/qZDSHQqnymdqXlt6L9e mfd4snHLiDfUgG9JOPeMDWeT6XWJDtKKCcZ3JDSMEGgZsFYpwJxJEwPxnfhHJmH8ENxi/8Cu 0fLFvzgAP+VK/Z1egBI7l241fDDREg3e+NWFhUM5bjwBmqk1z8nkRdru+QSMtPl6Erkd+Tbp 7lGGpQwCbI6esdBPkx/nV8+fIPEcsR2G5jG7O9U4J6q3B1nRFrR863SJHudIWV/l59ZvA8kI knDYNOixPLmnoRrO7LNIWe9jpnkZdg34Aa5AjAjGEKwY5EAzqkKuPEMVGqg/36YUcnqYS98W iVgCpaGg6KJqCMVXBfugxd79rtkyT4Oeju/z/Yp2xxXm3Pqcocb1CxbiEYDLJNT7/hyIJ072 4asMz2DTDMIMciP93hPraEtINknPlerNX2XqK03D+gyBGqAL7QARAQABzStCcmVudCBUaW1v dGh5IFNhbmVyIDxicmVudC5zYW5lckBnbWFpbC5jb20+wsF8BBMBAgAmAhsDBwsJCAcDAgEG FQgCCQoLBBYCAwECHgECF4AFAlLzvnsCGQEACgkQjABML5NIH2vQHxAArz6yjoQqUPoOFBRF P6hXHcMegvh4vZ0xOcoU+7KyUyD2f5jYivQFSVYcRDr7hyHTs3iRr0HKN8dUUSyLkNCc+rd2 FwqftUF2JLqlqpJ4HDXw+5L2rw0+0voy7JpRNtoGlfkh32SHIbTmNwVIFm1yVg+xNk0RAvl8 /NnPzgi0IKgOJNcxicLpy0f0o/uWHKcm6uS8SBZL3col1Wuhwqt/VY7Nz0cCF7IrRNGyMMPF PMRq3A5144U81WQR94iGlpvWku/qnFAvC9NNTllCwFYpiuI2BkndlPO3YqOwcGbVTOO765la Qz9EQn9b9ipnPjOSp9HLhu53RoJyUWogBtijCzEgODYJuflPWoXG4ubB11wP2CRPZzj3KqFE cShAyNwE2bAtHwtqsksII3J46EEQDrHam/0D6F+jNMZK31E/ET9WcdzZhFRGaBd748dRcaoH BaHpviH+GtRZiWtrR0238Df05MtZPTlZi2t4icBIGVN4j0mcMbgVY/5CudLQGa7BSjnKR/uy hJI7ANOHCsIud6rIB9s5qly60bXjOZ4hG1iFIhUFC+zgrOYGZLbJgCaKd5sdBCWOsQwInD/X eWO+6p4bW0YIp0YXZA5+0Uo8EP4t+NzvfGhe19gy8hrJYZGSW1PJDvqvs+b5XO2j5Be6ec2Y 09Ta99U94SxWp3nXpKTOwU0EUqbSaAEQAMIB/UpTre+NGzkvTmO6wnfQuzJKEEWnX2p/+eQF ZgDhObvwhvZr7C3I9wP3JnAP3LoJqrnmp78qE2v7snlSG1i66hqcj8Cw2EkBRLFsseva2uI5 B63RLrV0tTXN86nmHhw8qJ2GBu84Ddw7KtYoCRbq902eWsgWxRJVwAK+ip24tVVJxaR23nkO FwU+suYRDhiM9GLVj2waomgJK60dhxLOLZSRwJ0S1A2pu16GEx8USEoz7WNDJgx8PJPSzyH5 U7h9hXhpTEvS8nOV5G7YhksKBR6ECjmleCSehBaotVTAhXTfoh9fyCusMBwizLBoS8GmPUnv nUlvJzyAzu1KxnFzpwEk9ZBgLqWxzC/i4PZKrpqG7n5JqgEl0gg+7fn5Sdwq14Trg+djDGa5 c8n5hXEyszWTka53AhVCn8yq01zYNZoMDG6adYku/g3n5mBxKYuSoMkzuPRgihpsrhN/0RGY nJRDw5cpAjywWhTfFWGaAz6mDNhCV9daoqAoFjmIt9PAFeTrHj0XZXW7C53t4Qor9Nc5goh5 jlw7vv58CpdF0dPF6jLhDL2AYtplqwdPQr8+hj8WyFW8Rbj/OOj/z/JdDa6xCqfvh0udGLVa FDwQXZ1D4sqjwABhqdCppYb9TSq0TzR2LyZDnn/JZied2Q2LypPbsoGa3qd//w5W6NczABEB AAHCwV8EGAECAAkFAlKm0mgCGwwACgkQjABML5NIH2tCDBAAiMHQIKXCnm3XOcBuArJ8l0Yp W7q9KWF1YtmK+Jg+JqF8vTR7qvJ1djpVJVzCbL73bSrw24bLjHhcATuBsQxYPu2sSulcPB8n ri3ki/rWiWpNtjykKi6z56o+vDmbVH8UyA++zHQIaOx7tyKnh4w1F2i46132yMHLHFAdQkAl AJRMIQ6E0AKK9t61r+NJ0KT8g1h9PMcJkPWkGmQjT9eahLlO1H3kua0xCZ264CFUkpYo7t0I Y9BuRafzrqRqrYBJzEeDSd2dNz8u+jTF8RlHyaiePcTE9R1A41mK2vDCgWAbmXW8eruVz+Av zdXSNr6erccamRmeTIyJ5WpGeoA/ZeTDVSLzU2/i/PK2yI/8DTwWnt0iLC+8qvbz+E27/8i5 x5w3PosUjXzHQugBZO0xrBqti9rWV6u73zAE07EKaGfTm4Py3HRfysmFijcT0xpEeuilXM72 TixP75enqXN45ouwrapBcjAM3oxn+eVAagtzMUjXjHJBP5g5PHCRTuzakNzvFu1YNV9Oec8S O+hoQAuW6Wy5NfCN3Bg+KHPu/U6Lw9TcbFtCGOswMx9U2Thuj7FeULli5tj/kLahOOMO0N++ msHrJNNWa2ekU9GJ1NDCOGH0zYF4F5dxrdNxuOGzz6a0+5o1DBaWUEN0wAMceluJNnqv0qni AGmGDY9HHUM=
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to; bh=uT4Js/10RaUyDRJwPtzBIPIpI+5jUXWsbGpNGpNC9Lg=; b=E5QsAd5vmyVrr48O5V/uMNhXdebYOYRRZU8fG/mU6U7TOdSgYsTA2SOMPZHPjb2w1i wgS6udliMg8Uitho29BiFF9w5UL40RKfVEOVU6gUmi9WjGqCx2icpjQIm/YbZ4nsqsHO j0GumaXCZ4CiYnuLc3tUFc6IFNCDOp/nDZbjxXP01GdZpFYz3IHbScY0kZOrtIIAs0R+ PRRPcwTOKwCKb56nDkIPFc5yrWweDWn3atZJYl8rekQJgsq0AHIrrJ3iFb3xHydEdLcl 65zz4re8IhiV72E+3Z+BpXidBB1t1hzeaXy8sP1vQa2Z1k3+GNJ0wLPqly7nwtwHJVAR DZWQ==
Openpgp: id=748231EBCBD808A14F5E85D28C004C2F93481F6B
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0

On 05/17/2018 08:20 AM, Rich Freeman wrote:
> On Thu, May 17, 2018 at 7:55 AM brent timothy saner <brent.saner@gmail.com>
> wrote:
> 
>> i'd say 9 out of 10 deployments
>> don't really need it, though.
> 
> 
> I guess it depends on what you mean by "need."  Your servers will work fine
> without SELinux or netfilter rules or POSIX capabilities.  Heck, they'll
> work fine if you run all your daemons as root too.
> 
> I think the appeal of software-defined networking is that you can
> potentially use it to achieve a higher-level of control.  I suspect this
> becomes more practical if you're doing more
> orchestration/software-defined-infrastructure/etc, so that the network
> rules are just a consequence of the same rules used to spin up the servers
> and load balancing and all that.  In the ideal setup servers would only be
> able to talk to the other servers they require services from/etc, and this
> would be enforced through software firewalls on the servers, and by all the
> switches/firewalls/etc on the network, providing defense in depth.  With a
> central configuration you could compile device-specific rules and push them
> out anytime something changes, versus managing every switch individually.
> 
> However, your infrastructure will still "work" if your LAN is wide open and
> all the controls are on the gateway.  It just means that if something gets
> into your LAN you don't have defense in depth.
> 

this is pure oversimplification and reduction. you can absolutely
implement host-specific rules and gateway/network-wide rules both
*without* running any sort of software-defined networking as the term is
used.

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Fwd: VMware Releases Security Update
  - From: Rich Freeman <r-plug@thefreemanclan.net>

References:
- [PLUG] Fwd: VMware Releases Security Update
  - From: "Keith C. Perry" <kperry@daotechnologies.com>
- Re: [PLUG] Fwd: VMware Releases Security Update
  - From: "Lee H. Marzke" <lee@marzke.net>
- Re: [PLUG] Fwd: VMware Releases Security Update
  - From: Ron Mansolino <rmsolino@gmail.com>
- Re: [PLUG] Fwd: VMware Releases Security Update
  - From: brent timothy saner <brent.saner@gmail.com>
- Re: [PLUG] Fwd: VMware Releases Security Update
  - From: Rich Freeman <r-plug@thefreemanclan.net>

Prev by Date: Re: [PLUG] Fwd: VMware Releases Security Update
Next by Date: Re: [PLUG] Fwd: VMware Releases Security Update
Previous by thread: Re: [PLUG] Fwd: VMware Releases Security Update
Next by thread: Re: [PLUG] Fwd: VMware Releases Security Update
Index(es):
- Date
- Thread