Diversity: A Best Practice for Security
by Gary C. Kessler, Gary Kessler Associates

 

Abstract:

 

Fifteen years ago, when T1-based networks were first being introduced into the enterprise, concerns were sometime expressed about having "too many eggs in one basket." This same concern is now raised about Voice over IP (VoIP) implementations. But, interestingly, this concern is seldom if ever raised concerning security issues, where, as it turns out, this is a much more legitimate issue. 

 

From a security perspective, the trend to go with the most popular operating systems and applications has a distinctly negative side. Namely, if hackers are going to attack a vulnerability, they will go for the vulnerability that has the most potential impact. For a browser-based vulnerability, the hacker can have orders of magnitude more impact by exploiting a vulnerability in Microsoft Internet Explorer than by attacking users of Opera. 

 

In this IT Business Brief our colleague Gary Kessler, a well-known analyst and associate professor at Champlain College, advises enterprises that consistency may not be good from a security perspective, and that variety is not only the spice of life - but also the singular factor that may save your network.

 

About the Author:

 

Gary C. Kessler is an independent computer and networking security consultant at Gary Kessler Associates (www.garykessler.net/gka.html). He is also associate professor and program director, Computer Networking, at Champlain College in Burlington, Vt. Kessler chairs the Vermont chapter of InfraGard, a cooperative effort between U.S. government, businesses, academia, law enforcement agencies, and other organizations to increase the security of the U.S. infrastructure. 

 

bullet

Download paper
bullet

Approx. 130 kB

bullet

Click here for help with .pdf downloads. 

bullet

Return to IT Business Briefs menu

 

Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information.  Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site.  Please encourage colleagues to download their own copy after registering at http://www.webtorials.com/reg/.