When the pioneers of microscopy first squinted into their pristine eyepieces at impossibly tiny samples of life, what do you think they saw?
Did it surprise them? Did it scare them? Did it help them understand the things around them? And did it help them make breakthroughs and become legends? Yes, it did. First these technological pioneers saw; then they developed theories they understood and proved out, and then they took decisive, necessary actions that continue to sculpt the world we live in today, making it a safer place.
When an OEM makes the news because their flagship products had vulnerabilities dating back years (to decades, in some cases), the wise system administrator would do well to listen, learn, mitigate and remain vigilant. A few weeks ago F5 Networks, a prominent vendor of load balancers and Global Traffic Manager solutions, released details of an exploit that becomes the basis for this week’s Deep Dive Edition of Data Center Therapy.
Prepare to peer through that microscope and enter a new, dimly lit and mysterious landscape – the Security World, where things like in-band management and improper string handling techniques become booby-traps and landmines through which System Administrators must carefully navigate. Compromises like SQL Injection Attacks lurk around dark corners while you’re just trying to regenerate your certificates, automate your environment and deploy packages like NGINX, Apache and Tomcat, all while ominous deadlines loom. It’s enough to send lesser professionals screaming away in terror, but thankfully our intrepid DCT hosts have your back – consider them your Layer 8 firewall.
Yette and Cozzolino embark on their most security-focused and technical journey yet into the making of this F5 vulnerability, while also educating listeners on things like two-factor authentication missteps, social engineering goofs, and the dangers of running multiple application & web servers from different codebases on your servers. Tune in to make your mind feel like it’s been shrunk down to Innerspace dimensions as we go on a Fantastic Voyage to the core of the F5 exploit.
If you need help remediating the causes (and mitigating possible effects) of CVE-2020-5902, we are here to help. Fill out this form or reach out to your Account Manager and we’ll get in touch right away.
Stay safe, stay F5-firmware-current, and stay informed, DCT friends – don’t let those nasty vulnerabilities bite!
About Data Center Therapy
IT talk with a healthy dose of empathy: Hosts Matt Yette & Matt Cozzolino draw on their combined 40+ years of infrastructure experience as they discuss the ever-changing technology landscape – from virtualization to storage, security to networking, and everything in between.
Like what you’re hearing? Be sure to subscribe!