Diversity: A Best Practice for Security
by Gary C. Kessler, Gary Kessler Associates
Posted: 03/10/2003
Abstract:
Fifteen years ago, when T1-based networks were first being introduced into the enterprise, concerns were sometime expressed about having "too many eggs in one basket." This same concern is now raised about Voice over IP (VoIP) implementations. But, interestingly, this concern is seldom if ever raised concerning security issues, where, as it turns out, this is a much more legitimate issue.
From a security perspective, the trend to go with the most popular operating systems and applications has a distinctly negative side. Namely, if hackers are going to attack a vulnerability, they will go for the vulnerability that has the most potential impact. For a browser- based vulnerability, the hacker can have orders of magnitude more impact by exploiting a vulnerability in Microsoft Internet Explorer than by attacking users of Opera.
In this IT Business Brief our colleague Gary Kessler, a well-known analyst and associate professor at Champlain College, advises enterprises that consistency may not be good from a security perspective, and that variety is not only the spice of life - but also the singular factor that may save your network.
About the Author:
Gary C. Kessler is an independent computer and networking security consultant at Gary Kessler Associates (www.garykessler.net/gka.html). He is also associate professor and program director, Computer Networking, at Champlain College in Burlington, Vt. Kessler chairs the Vermont chapter of InfraGard, a cooperative effort between U.S. government, businesses, academia, law enforcement agencies, and other organizations to increase the security of the U.S. infrastructure.
http://www.webtorials.com/main/itbiz/newsletter/itbb-2003-3.htm