[10859] in bugtraq


Re: Diversity

daemon@ATHENA.MIT.EDU (Sheldon Young)
Fri Jun 18 13:20:07 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <000201beb8de$e641b930$ea0000c0@syoung>
Date: Thu, 17 Jun 1999 09:31:48 -0700
Reply-To: Sheldon Young <syoung@FIRSTCLASS.CA>
From: Sheldon Young <syoung@FIRSTCLASS.CA>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199906170811.KAA15367@mail.emit.pl>

> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@netspace.org] On Behalf Of Ian Carr-de Avelon
> Sent: Thursday, June 17, 1999 1:12 AM
> To: BUGTRAQ@netspace.org
> Subject: Re: Diversity
>
>
> > Greg> Lastly, I would simply like to point out that monoculture
> > Greg> installations are very dangerous.  It's a concept from
> > Greg> agribusiness.. if you have all one crop, and a virus comes
> > Greg> along that can kill that crop, you're out of business.
> >
> >Very true, and this is a terrifically important message to get out.
> >Not to be pedantic but actually it is a concept from ecology: the
> >"business", as Greg puts it, can be any system.  Diversity makes for
> >resilience, and vice versa.  Okay aleph, it's not a bug but it is a
> >way we should be thinking.

Diversity is desirable when thinking in terms of reliability, DoS and
wildlife (viruses, worms, etc).  Not having a homogeneous environment means
that not all of your machines are likely to go down at once.

Diversity is not so good when it comes to security.  It means that there are
FAR more potential security holes to be exploited.  It doesn't matter that
having a heterogeneous network means a cracker didn't break into all of your
machines.  Just getting into one is a bad thing.

10 identical boxes are way harder to secure than 10 different boxes.  10
different boxes are way more reliable than 10 identical boxes.

We just haven't learned when to use what technique.
