Eric Greenberg wrote: >Heterogeneity has played a major role in disastor and recovery designs for >as long as I can remember (that would be the past 20 years). Equally so, I > Be *very* careful here: security is fundamentally different from fault tolerance. FT needs to defeat random, independent faults, and heterogeneity helps. Security needs to defeat an intelligent adversary, and the adversary can defeat two heterogeneous systems with approximately twice the effort of defeating a single system. The defender, in turn, has to spend approximately twice the effort to deploy dual heterogeneous systems as to deploy a single system. I argue that it is worse than that, because the effort to defeat two heterogeneous systems is somewhat *less* than double that of a single system (because the attacker can exploit common design and implementation failures) and the effort to deploy & operate dual heterogeneous systems is somewhat *more* than double that of a single system (because the defender must account for both consistency and incompatibility). Once again, it is not that heterogeneity doesn't work. It's that for the goal of defending a single resource, it is not as cost-effective as due diligence & best practices, such as properly employed authentication, firewalls, and secure operating systems. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ Chief Scientist, Immunix http://immunix.com http://www.immunix.com/shop/
This archive was generated by hypermail 2b30 : Tue Aug 26 2003 - 18:28:27 PDT