From: kdebisschop at alert.infoplease.com (Karl DeBisschop)
Subject: CyberInsecurity: The cost of Monopoly

On Sun, 2003-09-28 at 04:20, Florian Weimer wrote:
> On Sat, Sep 27, 2003 at 01:12:01PM -0500, Curt Purdy wrote:
>
> > I think we have lost the point of the thread CyberInsecurity: The Cost of
> > Monopoly which states your exact point that diversity is the most important
> > aspect of network protection.
>
> I often hear such claims, but I'd rather see companies allocate
> adequate resources to deal with a uniform computing environment.
> Currently, most companies with such an environment do not deploy *any*
> countermeasures. There was a wide range of options to counter the
> recent malware waves, yet many organizations did nothing.

I may have missed something, but as I read it the article was not so much espousing diversity in the individual workplace as suggesting that diversity be fostered within the ecosystem. Individual companies may or may not be in a position where diverse networks make sense for them, but the diversity should not be optional for a nation's infrastructure.

> Diversity is good, sure, but unless you can afford the costs of a
> workforce which is equally skilled on very diverse platforms, you just
> make things worse.

Many (most?) large companies do have skilled unix admins and skilled windows admins on their staff. And usually there is a good business reason for such. In that context, you could read the report as 'where diversity presently exists in a single network, consider carefully before excising that diversity for small gains - the unquantified gains of diversity may outweigh the anticipated gain'.

> Furthermore, some aspects of diversity are already creating huge
> problems, e.g. mobile devices which are not configured according to
> company guidelines, but are nevertheless connected to the company
> network.

Crunchy shell, soft-chewy insides?

If a network is compromised by friendly employees not adhering to guidelines, what sorts of things could happen when the device and its operator are not friendly?

There is a school of thought that we can protect our corporate networks by making each desktop completely uniform. That may be true, but few companies have a good system for bringing the apps a user needs to their desktop. So the networks are protected - and the users equally well protected from doing their job.

I'll stop there - I've seen too much time lost (months of time lost to web portal testers because AOL was not an approved browser -- in spite of the fact that 50% of the portal users had AOL). It ticks me off, and I don't feel I can talk about it without going into flame mode.

--
Karl DeBisschop <kdebisschop@...rt.infoplease.com>