[dundee] Why you should not run only one O/S
Rick Moynihan
rick.moynihan at gmail.com
Thu Apr 22 10:55:27 UTC 2010
On 22 April 2010 07:14, Robert Ladyman <it at file-away.co.uk> wrote:
> http://isc.sans.org/diary.html?storyid=8671
>
> Having a monoculture leads, in effect, to a distributed single point-of-
> failure. That applies to us Linux users, too, although having different
> distributions might mitigate this to a certain extent.
This is true, and good advice... Though I'd caution people to take it
as prescriptive. Standardising on one system and O/S has many
advantages & economies of scale associated with it. It's also
significantly easier to automate and deploy security patches system
wide in such environments. Though as the case here shows, it greatly
increases the risk of a cataclysmic failure when things go wrong,
though these issues can be mitigated by for example staging updates
throughout a system slowly (rather than updating everything at once).
Clearly in life-or-death situations like on a 999 emergency hotline,
or in the avionic systems of a modern jet fighter it's important to
opt for heterogenous systems.... Infact in avionics and safety
critical systems this can be taken to the extreme where they will
install 3 or more computer systems; implemented by different teams, in
different companies on different hardware. Each of these computer
systems receive the same input, their outputs are compared and if they
differ then the majority wins. In this way they can help protect
against implementation bugs. This takes this approach of heterogenity
to the extreme, but even here there is a single specification... and
if that has errors in it, then you're still screwed.
So like everything else it's a trade off between administrative burden
and the cost or likelyhood of system wide failure due to homogeneity.
R.
More information about the dundee
mailing list