[nycbug-talk] network diversity
george at sddi.net
Thu Jun 23 23:24:06 EDT 2005
Here's a couple of articles regarding network diversity.
There was a nice debate at USENIX ATC in Boston last year about this...
someone from MS (against diversity) and another guy for diversity. I
only caught part of the debate, but there's a lot of biology metaphors
recurring with every argument. I think there was also something at HOPE
last summer on the topic.
It's a solid argument, I think, to say that diversity is better with
networks, as specific vulnerabilities only affect certain parts of the
network, and are less capable of replication based on uniformity. But
of course, all our love for open standards does potentially open the
door to problems in this arena.
It also depends on *what* you're running, and how it's being admin'd.
An unpatched BSD environment is much safer than a patched MS environment.
And no one is going to argue for a Sendmail, Exim, Exchange environment,
but it does make sense to move to diversity in say, an Exchange
environment by adding a Unix mail gateway, as so many firms do.
And when it comes to desktops, you obviously can't have diversity
between them, but rather within them, meaning not going the whole MS
suite from Office to IE, and not various desktop OSs and configuration.
Other thoughts on this?
I need to dig up the other talks on this. . .