|
> from: James Rich <james@xxxxxxxxxxx> > Actually two highly respected books on security suggest > that mixing platforms makes your overall network more secure: In like manner, a couple hundred years ago, highly respected southern states Christian ministers preached that the practice of slavery was supported by the Bible. Why would they do that? > The same two volumes suggest the dividing resources as > described does enhance overall security by not putting all > your eggs in one basket - even if it is a very strong basket. I'm not sure I understand the analogy. If we assume that "eggs" correspond with sensitive "data", why aren't these folks suggesting that a company's data be divided across multiple boxes? Is it because they're promoting an application architecture supported by Microsoft? Or are they promoting the services of high-priced network consultants and developers to assist in the configuration and administration and development of complex environments? > If an attacker has to compromise two machines to get > your data instead of one s/he will likely be more deterred > than otherwise. If an attacker has to compromise two programs to get to your data, wouldn't that accomplish the same thing? The problem with the idea of multiple "machines" is that people are using machines that host Windows, Unix, and Linux services, which not only offer a broad range of services, but also have known hacks. I support the idea of multiple machines separating ones data from an attacker. But I'd suggest that the machines be running address translation, port blocking, protocol filters, and other services offered by routers and firewalls. When it comes to embedding security in ones application layer, I recommend only the OS/400 platform. Nathan M. Andelin www.relational-data.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.