What is ITIL? Do I need it?

ITIL, Information Technology Infrastructure Library, is a set of practices for IT Service Management (ITSM) that focuses on aligning IT services with the needs of business. Since July 2013, ITIL has been owned by AXELOS, a joint venture between Capita and HM Cabinet Office. AXELOS licenses organizations to use the ITIL intellectual property, accredits licensed examination institutes, and manages updates to the framework.
According to Wikipedia: "...ITIL describes processes, procedures, tasks, and checklists which are not organization-specific, but can be applied by an organization for establishing integration with the organization's strategy, delivering value, and maintaining a minimum level of competency. It allows the organization to establish a baseline from which it can plan, implement, and measure. It is used to demonstrate compliance and to measure improvement."
ITIL is a series of documents that are used to aid the implementation of a framework for IT Service Management, or, quoting the Office of Government Commerce (OGC): "...a consistent and comprehensive documentation of best practice for IT Service Management."

The various components and elements of ITIL include:

  • Service Support. Request management, incident management, problem management, and other processes are aimed at ensuring that end users have the appropriate technologies and services to perform their jobs.
  • Service Delivery. Service level management, capacity management, IT service continuity and availability management, and other activities help IT departments proactively provide needed services to end users.
  • Service Management Implementation, which defines processes for developing a vision, analyzing the organization, defining objectives, and deploying related services.
  • Security Management, which is designed to keep all applications, information, and systems fully protected.
  • Infrastructure Management. This discipline directly relates to the management of software and hardware made available to end users, and includes design and planning, deployment, operations, and technical support.
  • Business Perspective, a collection of best practices for enhancing IT service provision.
  • Application Management, procedures and policies aimed at improving software development efforts across the entire lifecycle.
  • Software Asset Management. Practices such as software license compliance, inventory tracking, and software definition, configuration, use, and retirement help minimize the cost and risk associated with the acquisition, utilization, and maintenance of software assets.

Many businesses choose to incorporate only those aspects that are most applicable to their specific business needs, or opt to tailor or modify various practices to address unique requirements.

Those companies that have embraced ITIL have reported significant benefits, including:

  • Minimized IT expenses and better control over IT budgets.
  • Improved IT service delivery and better alignment of IT with the business needs.
  • Enhanced end user satisfaction.
  • Better adherence to IT standards and guidelines.
  • Increased productivity and resource allocation.

Since 2014, AXELOS has been the owner of the ITIL personnel certification scheme. ITIL exams are administered by Accredited Training Organizations (ATOs), which are accredited by an Examination Institute. There are three levels of certification for ITIL: Foundation Certificate, Practitioners Certificate and Managers Certificate.

Many years ago IT was expensive and difficult, with only a few people understanding it. IT departments consisted of people with great technical knowledge who told the business what "they could" have. These IT organizations were often inefficient and many of them had poor understanding of what their customers really needed.
With the introduction of ITIL, organizations finally started to focus on providing services rather than managing technology. At first ITIL had a very strong focus on processes, and this helped IT departments do two things:

  1. Improve the quality of the services they delivered.
  2. Reduce the costs of delivering those services.

Inefficient ITIL implementations with strong SLAs tend to reduce costs at the expense of their customers, forgetting the real reason IT exists, which is to create value for the business by improving customer satisfaction.

ITIL needs to be used as a guide to organize and improve IT services without sacrificing customer needs.

The GHOST Vulnerability

The GHOST vulnerability (CVE-2015-0235) is a serious weakness in the Linux glibc library. It allows context-dependent attackers to remotely take complete control of the affected system without having system credentials.
It can be exploited remotely through WordPress and likely other PHP applications to compromise Web servers.

During a code audit Qualys researchers discovered a buffer overflow in the __nss_hostname_digits_dots() function of glibc. This bug can be triggered both locally and remotely via all the gethostbyname*() functions. Applications have access to the DNS resolver primarily through the gethostbyname*() set of functions. These functions convert a hostname into an IP address.

On January 27, 2015, most Linux distributions released updated packages, which contain a backported patch to correct this issue. To resolve this vulnerability, a patch is required followed by a reboot of the system.
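
The reboot matters because processes started before the update keep the old glibc file mapped in memory after the package is replaced. As an added example (not part of the original post), this shell function lists processes whose memory map still shows a deleted libc file; the function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map a C library file which has
# been replaced on disk. The kernel marks such mappings "(deleted)".

# stale_libc_pids [PROC_ROOT]
# Prints one "PID NAME" line per process with a deleted libc mapping.
# PROC_ROOT defaults to /proc; the parameter is an assumption of this
# example so the function can be run against a constructed tree.
stale_libc_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unreadable entries (other users' processes when not root).
        [ -r "$maps" ] || continue
        # Matches libc.so.6 or libc-<version>.so, not libcrypto and friends.
        if grep -Eq '/libc(-[0-9][0-9.]*)?\.so[^/ ]* \(deleted\)$' \
                "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            pid="${pid_dir##*/}"
            name="$(cat "$pid_dir/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Constructed sample tree (not real process data): PID 101 was started
# before the update and maps the replaced library, PID 202 maps the new one.
make_sample_proc() {
    root="$(mktemp -d)"
    mkdir -p "$root/101" "$root/202"
    echo 'httpd' > "$root/101/comm"
    echo 'sshd' > "$root/202/comm"
    printf '%s\n' \
        '7f1c2a000000-7f1c2a1b6000 r-xp 00000000 fd:00 1234 /lib64/libc.so.6 (deleted)' \
        > "$root/101/maps"
    printf '%s\n' \
        '7f9d40000000-7f9d401b6000 r-xp 00000000 fd:00 5678 /lib64/libc.so.6' \
        > "$root/202/maps"
    echo "$root"
}

# Run against the constructed tree; call stale_libc_pids with no argument
# (as root) to check a live system after installing the updated package.
sample="$(make_sample_proc)"
stale_libc_pids "$sample"
rm -rf "$sample"
```

An empty result on a live system means no running process still holds the old library; any process listed needs a restart, which a reboot guarantees for all of them.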

RedHat: https://rhn.redhat.com/errata/RHSA-2015-0090.html
Ubuntu: https://launchpad.net/ubuntu/+source/eglibc
Debian: https://security-tracker.debian.org/tracker/CVE-2015-0235
Oracle Enterprise Linux: https://oss.oracle.com/pipermail/el-errata/2015-January/004810.html
CentOS: http://lists.centos.org/pipermail/centos-announce/2015-January/020906.html
OpenSUSE: http://lists.opensuse.org/opensuse-updates/2015-01/msg00085.html
GNU C Library: http://www.gnu.org/software/libc/
Mitre: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

The entire Linux community thanks Qualys for reporting this issue.