[nycbug-talk] network diversity

George R. george
Thu Jun 23 23:24:06 EDT 2005

Here's a couple of articles regarding network diversity.



There was a nice debate at USENIX ATC in Boston last year about this. . . 
someone from MS (against diversity) and another guy for diversity.  I 
only caught part of the debate, but there's a lot of biology metaphors 
recurring with every argument.  I think there was also something at HOPE 
last summer on the topic.

It's a solid argument, I think, to say that diversity is better with 
networks, as specific vulnerabilities only affect certain parts of the 
network, and are less capable of replication based on uniformity.  But 
of course, all our love for open standards does potentially open the 
door to problems in this arena.

It also depends on *what* you're running, and how it's being admin'd. 
An unpatched BSD environment is much safer than a patched MS environment.

And no one is going to argue for a Sendmail, Exim, Exchange environment, 
but it does make sense to move to diversity in, say, an Exchange 
environment by adding a Unix mail gateway, as so many firms do.

And when it comes to desktops, you obviously can't have diversity 
between them, but rather within them, meaning not going the whole MS 
suite from Office to IE, and not various desktop OSs and configuration.

Other thoughts on this?

I need to dig up the other talks on this. . .


