Ian Carr-de Avelon wrote:

> We can think about it, but what can we do about it? Just as in farming
> there are reasons why we have the monoculture, and just like they buy
> more pesticides, we buy virus scanners to fix our solution rather than
> designing another solution. In fact we have even less ability to move
> away from it than farming. If a farmer bucks the trend and thereby has

Not so. The most simple form of diversity I recommend to clients is a multi-tiered network structure. Different segments are isolated by differing systems. Border firewalls are built with two different operating systems. I never recommend m$ on the border... go figure. Having differing IP stacks for a packet to travel through increases the chances that malicious packets will get trapped on one of them and the internal network remains protected.

In *nix land, we don't rush out and buy more virus scanners, we fix the problem. Matter of fact, virus scanning on *nix networks tends to fall into the "I'll do it when I get around to it" area.

*nix is a perfect example of diversity. Unix type people didn't buy virus scanners, they have fathered the varied groups of systems that we have today. An amazing amount of forethought has gone into the development of each flavor of *nix. Different theories are implemented in different stacks. Sometimes this has caused problems, but overall it engenders a resiliency to faulting. *nix programmers typically build in reliability and security in the design, which makes the base structure sound. Yes, a lot of buffer overflows are found and quickly fixed; however, one must consider that this is a system where you have walls inside the server. Sometimes even root can't get around those walls. There is precious little on an m$ system that cannot be had once privileged access is gained.

Diversity can certainly be thought about. The open source model encourages program development. Many people writing differing versions of software. Naturally this diversity means an exploit in one program is unlikely to be found in another. Diversity is certainly alive and flourishing, make no mistake.

If a major Cisco bug came out, your customers will complain due to the widespread use of Cisco equipment. Not everyone uses Cisco, however, and not every Cisco machine is going to be reachable to crash. Some of your customers wouldn't even notice, some of your customers would see a few slow or dropped sites. Some would find their favorite place unreachable. The internet is an extremely diverse culture of equipment and people, and short of a humanitarian disaster, nothing is going to take the whole thing down.

Encourage diversity. No one operating system should dominate. Only OS zealots would differ with this view.

-d

--
This is Linux Country. On a quiet night, you can hear Windows NT reboot!
Do you remember how to -think- ? Do you remember how to experiment? Linux
__ is an operating system that brings back the fun and adventure in computing.
\/ for linux-kernel: please read linux/Documentation/* before posting problems

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:50:00 PDT