Re: Buffer overflow prevention

From: Crispin Cowan (crispinat_private)
Date: Mon Aug 18 2003 - 13:11:33 PDT

Next message: pageexecat_private: "Re: PointGuard: It's not the Size of the Buffer, it's the Address"

Previous message: John Goerzen: "FW: [gopher] UMN Gopher 3.0.6 released"
In reply to: Mark Handley: "Re: Buffer overflow prevention"
Next in thread: Bob Rogers: "Heterogeneity as a form of obscurity, and its usefulness"
Next in thread: pageexecat_private: "Re: Buffer overflow prevention"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mark Handley wrote:

>>Heterogeneity increases survivability of the *species*, but does little 
>>to protect the individual. 
>>    
>>
>What you're not taking into account is contagion.  Amongst a
>homogeneous population, a pathogen that infects your friends can
>likely infect you.  Amongst a heterogeneous population, if the same
>pathogen infects a friend, there's a significantly lower probability
>it can infect you.
>
To the contrary, I did take this into account in the portion of the 
quote that you cut:

    A site manager seeking to protect their own servers cares little if
    an attack that takes them down doesn't take down their competitors.
    In fact, it's kind of bad if heterogeneity means that you go down
    and your competitors don't. At most, you could say that running the
    most common system makes you somewhat more vulnerable to attack, and
    you should take that into consideration when planning your security.

Running more common species makes you more vulnerable.

>How does this affect networks?  Well, if you're a webserver or
>mailserver that talks to everyone, the heterogeneity doesn't buy you
>so much (other than, as you said, there might be more pathogens for
>popular systems).  But if you're configured to not talk to the whole
>world (via a firewall, or something equivalent), then you're a whole
>lot safer if the machines you do communicate with are different from
>you in ways that make contagion harder.
>
As I said the last time the bio analogy came up, analogies are like 
goldfish: sometimes they have nothing to do with the topic at hand. The 
notion of being non-promiscuous and careful about who you talk to does 
not work here: non-vulnerable Linux mail servers are fully capable of 
passing virus-infected mails to vulnerable Windows clients. Firewall 
mailing lists are currently full fo sorry stories about Blaster coming 
in through VPNs, even though the firewall was blocking the right ports 
from the outside.

Crispin

-- 
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
            http://www.immunix.com/shop/

Next message: pageexecat_private: "Re: PointGuard: It's not the Size of the Buffer, it's the Address"
Previous message: John Goerzen: "FW: [gopher] UMN Gopher 3.0.6 released"
In reply to: Mark Handley: "Re: Buffer overflow prevention"
Next in thread: Bob Rogers: "Heterogeneity as a form of obscurity, and its usefulness"
Next in thread: pageexecat_private: "Re: Buffer overflow prevention"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 18 2003 - 13:34:08 PDT