North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Diversity as defense
- From: Valdis.Kletnieks
- Date: Tue Jan 20 00:09:26 2004
On Mon, 19 Jan 2004 15:35:22 EST, sgorman1@gmu.edu said:
> The diversity, monoculture and agricutlure analogy makes nice press, but how
> realistic is diversity as a defense.
Well.. if diversity were to actually exist, it would be quite helpful. Right now,
if you have a Windows exploit, you might as well point and pull the trigger because
you have an 86% chance of nailing the target. Add in a Linux exploit and you're well
over 90%. That's Russian Roulette with a 10-shooter and one bullet.
On the other hand, let's think about if there were 10 products that each have 10%
market share, and even a minimal attempt at deterring fingerprinting of the target,
you're looking at a 90% chance that the exploit you launch will fail and leave a
nasty mark on an IDS. Suddenly, it's 9 bullets and one blank. And even worse odds
if you haven't been picking up all the exploits in the series - or not all the products
are vulnerable.
Unfortunately, it's not a realistic scenario, because...
> Is cost the biggest hurdle or limited
> avaiability of competitive products, or simply no bang for the buck by
> diversifying.
I can sum up *every* problem I've had in getting people to migrate in just
3 words: "vendor lock in". Enough said on that topic.
Attachment:
pgp00019.pgp
Description: PGP signature
|
