Full Disclosure mailing list archives
Re: CyberInsecurity: The cost of Monopoly
From: Karl DeBisschop <kdebisschop () alert infoplease com>
Date: Sun, 28 Sep 2003 08:14:12 -0400
On Sun, 2003-09-28 at 04:20, Florian Weimer wrote:
> On Sat, Sep 27, 2003 at 01:12:01PM -0500, Curt Purdy wrote:
> > I think we have lost the point of the thread CyberInsecurity: The Cost of Monopoly which states your exact point that diversity is the most important aspect of network protection.
>
> I often hear such claims, but I'd rather see companies allocate adequate resources to deal with a uniform computing environment. Currently, most companies with such an environment do not deploy *any* countermeasures. There was a wide range of options to counter the recent malware waves, yet many organizations did nothing.
I may have missed something, but as I read it the article was not so much espousing diversity in the individual workplace as suggesting that diversity be fostered within the ecosystem. Individual companies may or may not be in a position where diverse networks make sense for them, but the diversity should not be optional for a nation's infrastructure.
> Diversity is good, sure, but unless you can afford the costs of a workforce which is equally skilled on very diverse platforms, you just make things worse.
Many (most?) large companies do have skilled unix admins and skilled windows admins on their staff. And usually there is a good business reason for such. In that context, you could read the report as 'where diversity presently exists in a single network, consider carefully before excising that diversity for small gains - the unquantified gains of diversity may outweigh the anticipated gain'.
> Furthermore, some aspects of diversity are already creating huge problems, e.g. mobile devices which are not configured according to company guidelines, but are nevertheless connected to the company network.
Crunchy shell, soft-chewy insides? If a network is compromised by friendly employees not adhering to guidelines, what sorts of things could happen when the device and its operator are not friendly?

There is a school of thought that we can protect our corporate networks by making each desktop completely uniform. That may be true, but few companies have a good system for bringing the apps a user needs to their desktop. So the networks are protected - and the users equally well protected from doing their job.

I'll stop there - I've seen too much time lost (months of time lost to web portal testers because AOL was not an approved browser -- in spite of the fact that 50% of the portal users had AOL). It ticks me off, and I don't feel I can talk about it without going into flame mode.

--
Karl DeBisschop <kdebisschop () alert infoplease com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html