[Sussex] A Tale of Two Servers.....

Mark Harrison Mark at ascentium.co.uk
Fri Aug 15 12:24:01 UTC 2003


Nik,

Firstly, Netcraft is interested in servers.

Non-MS platforms, deservedly, have 80+% of the server market (With my
security consultant hat on, I think that anyone who runs an Internet-facing
MS server is being foolish..)

However, the primary source of vulnerability is client PCs sitting in
people's houses which are all of a sudden using always-on connections, and
therefore vulnerable to port-scanning based attacks. This market is still,
sadly, dominated by Microsoft, not least because many of the broadband
providers will only "support" Windows... anything else and you're left to
community support. (This is, in many cases, better than ISP support, but
it's still an offputting factor.)

It's actually an ecological argument. Monoculture is vulnerable to
type-specific attacks, and viral attacks spread exponentially. This is just
as true of banana virus in the Caribbean in crop-space, as it is all-MS
networks in the IT-space. The best defence against pandemic spread is in
fact a strong MIX of different systems, so a vulnerability on one can't
ripple through to "adjacent" hosts quickly.

This IS a key benefit of Linux's diversity - there are so many different
types of Linux out there that there are relatively few places where
vulnerabilities could affect the whole Linux community... and the OpenSource
nature of Linux means that they come under far more scrutiny than the
Windows kernel.

However, for anyone who is smug in their assertion that OpenSource provides
a bastion against hacking:  www.theregister.co.uk/content/55/32355.html

Regards,

Mark

----- Original Message -----
From: <nik at wired4life.org>
To: "Sussex" <sussex at mailman.lug.org.uk>
Sent: Wednesday, August 13, 2003 7:59 PM
Subject: Re: [Sussex] A Tale of Two Servers.....


> On Wed, Aug 13, 2003 at 03:55:48AM -0400, Steve Dobson wrote:
> > We warned young Nik, as more and more people turn to Linux then so
> > too will the crackers.  It will be interesting to see how secure Linux
> > remains when Linux becomes a common desktop OS with John Q. Moron in
> > charge of it.
>
>
> here goes some bad Function driven algorithms.
>
> Um, but let's just review this... the crackers are an equal amount of
> people dedicated to the simple or difficult challenge of breaking
> systems. The amount of crackers [c] will not grow or diminish depending
> on operating system utilisation
>
>
> Now let's look at a good open and available network, the internet, of
> which the best source for stats on machine utilisation is Netcraft.
> Accordingly it suggests that MS holds less than 20% utilisation of
> always on hosts. So I'm discounting PCs and Home computers, I'm just
> looking for open targets that have been around for a period of time.
>
> So Unix [u] and Microsoft [m] share the internet about 80/20.
>
> Now U has actually been running the net and delivering services for a
> longer time than M so let's adjust the percentage ... okay how to do
> this. let's say the net has been online for about 20 years of which M has
> used only 1/4 of that time.
>
>
> so now we have 95% U and 5%m where c can write and attack the net.
>
> So where's all the Really bad nasty damaging annoying continual network
> crippling Viruses ? And how come if M comprises 5% of the net it results
> in 80% utilisation of news media and interruptions ?
>
> just my two pence... and actually it's an article SCRIBBED from work done
> by Eddie Bleasedale at Netprojects.
>
>
>
>
> --
> nik at wired4life.org http://www.wired4life.org/ Wired4Life, an Answer.
>
>
> MATH AND ALCOHOL DON'T MIX! Please, don't drink and derive. Mathematicians
> Against Drunk Deriving
>
>