Omer Zak wrote:
> Why are you unifying all the Linux servers in one distribution?
> Won't this expose your organization's computers to the dangers of
> monoculture?
>
I cannot talk for Amos, but here is my experience.

The dangers of monoculture mostly apply when you have a group from which
you want the maximal survival (or minimal damage). A heterogeneous
environment is the best way to achieve this, as the minimal number of
items will be vulnerable to any specific attack.

A single company, often, is not like that. In a single company the danger
is often equally placed for ANY item failing. In other words, you are not
trying to improve the average, you are trying to improve the worst case.
It's a different problem and it has different optimization points.

As far as the practical side goes, there is another consideration. Even
with the first case, an environment of poorly maintained individuals, be
they as heterogeneous as they might, is still more vulnerable than an
environment of well maintained but uniform individuals. This is under the
assumption that most attacks are based on vulnerabilities that have vendor
patches at the time of the attack, and that all platforms are attacked to
some extent.

> Won't it be a good idea to deploy different distributions/OSes on
> computers through which crackers will have to break in order to break
> into the organization's computers?
>
I think you are assuming two things:
1. It is possible to set up the environment so that the attacker has to
   break into ALL systems in order to gain access.
2. It makes economical sense to invest the extra time to set up and
   maintain such a system.

I think 1 is remotely possible, but 2 is extremely unlikely.

> --- Omer
>
Shachar