× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2003

Re: iSeries vs. Unix vs. SQL Server vs. Oracle & Security/Dataseparation???

> from: James Rich <james@xxxxxxxxxxx>
> Actually two highly respected books on security suggest
> that mixing platforms makes your overall network more secure:

In like manner, a couple hundred years ago, highly respected southern states
Christian ministers preached that the practice of slavery was supported by
the Bible.  Why would they do that?

> The same two volumes suggest the dividing resources as
> described does enhance overall security by not putting all
> your eggs in one basket - even if it is a very strong basket.

I'm not sure I understand the analogy.  If we assume that "eggs" correspond
with sensitive "data", why aren't these folks suggesting that a company's
data be divided across multiple boxes?  Is it because they're promoting an
application architecture supported by Microsoft?  Or are they promoting the
services of high-priced network consultants and developers to assist in the
configuration and administration and development of complex environments?

> If an attacker has to compromise two machines to get
> your data instead of  one s/he will likely be more deterred
> than otherwise.

If an attacker has to compromise two programs to get to your data, wouldn't
that accomplish the same thing?

The problem with the idea of multiple "machines" is that people are using
machines that host Windows, Unix, and Linux services, which not only offer a
broad range of services, but also have known hacks.

I support the idea of multiple machines separating ones data from an
attacker.  But I'd suggest that the machines be running address translation,
port blocking, protocol filters, and other services offered by routers and
firewalls.

When it comes to embedding security in ones application layer, I recommend
only the OS/400 platform.

Nathan M. Andelin
www.relational-data.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.