brent timothy saner on 17 May 2018 05:43:37 -0700



Re: [PLUG] Fwd: VMware Releases Security Update


On 05/17/2018 08:33 AM, Rich Freeman wrote:
> 
> Nothing you said contradicts what I said.  I said that centralizing it
> eliminates the need to manage every switch individually.  Is that not
> accurate?
> 

"I guess it depends on what you mean by 'need.'  Your servers will work
fine without SELinux or netfilter rules or POSIX capabilities.  Heck,
they'll work fine if you run all your daemons as root too."

"However, your infrastructure will still 'work' if your LAN is wide open
and all the controls are on the gateway.  It just means that if
something gets into your LAN you don't have defense in depth."


both of these predicate that one must use SD networking in order to have
defense in depth. this is false. if this is not what you meant, then why
bring up such examples within the context? one does not need SD
networking for defense in depth, full stop.

further, it can even be harmful - if a network is smaller than a certain
threshold, you add unnecessary complexity to your network by using SD
networking. hopefully it goes without saying that unnecessary*
complexity is an enemy of a thorough security policy.


* "unnecessary" being the operative word. SELinux is what i'd consider
necessary in many environments. implementing SD networking is not for a
network that has, say, all of 5 machines (virtual or otherwise,
cumulatively).


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug