Re: [PLUG] TuxCare

Chad Waters via plug on 13 Jan 2022 12:33:28 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] TuxCare

From: Chad Waters via plug <plug@lists.phillylinux.org>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] TuxCare
Date: Thu, 13 Jan 2022 20:33:19 +0000
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wooders.net; s=protonmail; t=1642106001; bh=aVb7rptGNj7RJsZyLYsawavtECE3dUUHIGVroOow03I=; h=Date:To:From:Reply-To:Subject:Message-ID:In-Reply-To:References: From:To:Cc; b=ql58fjt3EOd4L4bwmWrIC8iOpDBGAQ0qK+KxyEyfZOr1XUDVG9NfZSvezf3wntz5K +v6bVuswNP2sJjGdoQLYnrkRtojsYZzBug7F8tR+CGNyPsIfPRo0F/DeZ82WEIT2/P PNOfv9pwWSmj0ANnxMvLzbFf2NEcPiFz6dOJYMe2UKxzGBDMgJ0WIgtBYdkVSWC+Cy cT4Bupeah8JIifRYDTvDBSOcem4DsiIOiC9RD1SvktUySY2Ang75cs9o/xLExZr0hm DdWsAYkphix+Bmor5mIYxpFDGSv9kEiEAB9vqzYhbmrAo1iH92/Fx5WL4nDrIImGBN I7nCsBedI6+/g==
Reply-to: Chad Waters <plug@wooders.net>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Thursday, January 13th, 2022 at 1:15 PM, jeffv via plug <plug@lists.phillylinux.org> wrote:

> Meeting Patching-Related Compliance Requirements with TuxCare
> 

> https://thehackernews.com/2022/01/meeting-patching-related-compliance.html
> 

> However, even fully compliant workloads leave a window of exposure – the
> 

> time between the moment criminal actors develop the ability to exploit a
> 

> vulnerability and the moment it gets patched.
> 

> It leaves an opportunity for intruders to enter your systems and cause
> 

> damage. Delayed patching leaves an extended window, but even patching
> 

> within compliance regulations can still lead to a very long risk window.
> 

> [parts might be commercial]

Ehhh...I'd be weary about this. It's mostly saying your distribution isn't fast enough with security updates (most distros are rather responsive BTW), so trust us to add another layer of complexity and spin up all your kernels and libraries with our custom builds. I wouldn't want anyone running automatic live kernel updates on my production assets.

Where you get into trouble is having an application or device that you don't have full control of that suddenly has a vulnerable software component. We are talking about that network controller that manages all your switches, or that medical imaging server that shares studies with remote radiologists. Sure its running some linux under the hood, but the real lag is waiting for the vendor to package the fix or validate it that it doesn't break anything for you. Maybe you have shell access to it but it is ill-advised to go rogue. In these cases, compensating controls and work-arounds hopefully fill that gap. 

-Chad

Attachment: publickey - plug@wooders.net - 0x93D3331B.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] TuxCare
  - From: jeffv via plug <plug@lists.phillylinux.org>

Prev by Date: [PLUG] TuxCare
Next by Date: Re: [PLUG] Open source Mail client
Previous by thread: [PLUG] TuxCare
Next by thread: [PLUG] Hold the Phone....
Index(es):
- Date
- Thread