by _wldu 1805 days ago
Companies could also stop creating monoculture networks that are easy to manage and also easy to compromise. When every device is a domain joined Windows 10 machine running some low level, 3rd-party centralized remote management system, it's just a matter of time before you are completely owned.

This is the "Encryption Backdoor" problem in Computer Science (aka "Exceptional Access System"). It is impossible to build an exceptional access system and then ensure it is only used by good people to do good things.

4 comments

Non-computer-experts were sold computers and the internet as tools that would help them run their business.

I find it hard to blame them too much for unexpected unadvertised technical problems.

I propose something simpler: disconnect most computers from the internet, and don't put them places strangers can access them. Then build out the tools that work in that environment.

I don't actually think it would work in practice, though, because it's a race to the bottom. The company continuing to do all their shit over the public internet with commodity PCs is going to be doing things more quickly and more cheaply initially, and may thoroughly beat the competition before getting hit by an attack.

Some of this monoculture and attack surface is necessary (line-of-business software, standard productivity tooling, the OS itself...) for the company to function.

At least with remote management, you can respond at scale if one of those gets compromised.

The problem is the entire thing will be compromised. Exchange, SharePoint, clients, servers, domain controllers, etc. That's what happens to monocultures. You must have diversity at every level (OS, DB, network, apps, etc.)

Yes, it is more difficult to manage a diverse environment, but when you survive the next big ransomware attack you'll see why it's so important (while your competition struggles to recover).

This holds true for crops, people, animals, financial investing and everything else. Diversity makes us strong and resilient. Monocultures make us weak.

Monocultures are easier to manage, audit and predict, but their weaknesses outweigh those benefits IMPO.

We have finite energy and knowledge.

I know how to configure a firewall on linux. I don't know how to on plan9 and windows.

Should I run Windows, Plan9, Solaris, FreeBSD, NetBSD, and Linux on my 5 servers to ensure I have diversity?

To me, that makes it seem 5x as likely that I make a configuration error that leads to a critical vulnerability if I have to figure out 5 different ways to set up a firewall and sandbox.

What about using software that historically has been shown to have vulnerabilities? For example, wordpress has had a lot of vulns in the past, so should I host one of my blogs on ghost, one using jekyll, one using wordpress, or should I only use a static site made with jekyll because I know static sites are more secure?

If I'm allowed to eliminate wordpress there, why can't I eliminate diversity at other layers? I know linux is more secure than windows IME, so can't I just not run any windows hosts by the same argument that I won't use wordpress?

You mentioned "diversity at every level (network)". Do you mean I should run wireguard VPN for some of my networks, cisco for others, unencrypted for others, just so I have more diversity?

I'm genuinely curious because the model I've heard advocated so far is that a monoculture is more secure because you can eliminate less secure things (use wireguard instead of unencrypted traffic), and gain mastery of a small surface area to ensure it is harder to attack.

Adding diversity just for the sake of it, by its nature, adds more attack surface and requires more expertise to secure, so it seems to fly in the face of the common advice I normally hear.

> Should I run Windows, Plan9, Solaris, FreeBSD, NetBSD, and Linux on my 5 servers to ensure I have diversity?

No. At the scale of five servers, a monoculture is acceptable risk, and as long as other businesses at that scale are choosing different monocultures, the systemic risk is limited as well.

But in analogy to agricultural monocultures, larger fields make monocultures more dangerous, and many adjacent fields with the same monoculture increase the risk even more.

But geographic continuity isn't necessary in our networked world, so the analogy is of limited use, and any vendor with enough customers, no matter how spread out, makes an attractive target.

> Should I run Windows, Plan9, Solaris, FreeBSD, NetBSD, and Linux on my 5 servers to ensure I have diversity?

Running Windows and Linux would be a good start. Plenty of business-y software runs on POSIX systems: perhaps your business processes don't have to run the same operating system as your desktops?

Having a file share appliance (e.g., TrueNAS, NetApp) would be a good step after that (if things get encrypted just revert to the last snapshot).

You may have missed the point of the question. All my machines (business and servers) are currently linux because I know how to update and secure linux.

The parent poster is arguing for diversity for the sake of it. To me, moving from my linux monoculture to a linux+windows diaspora seems less secure.

I'm talking specifically about the idea of security through diversity, not about this specific incident, so backup recommendations aren't really related to this thread.

You can run Qubes OS instead and enjoy security through isolation and diversity it provides by default.

Ransomware in particular requires the attacker to be able to make your data inaccessible; in order to do that they need a certain level of control over every system on which that data is replicated, and as you say avoiding a monoculture makes that (substantially?) more difficult.

On the other hand, a leak or breach of user privacy requires exploiting any single system containing the data. Putting the same data on a diversity of systems makes that easier, and you won't even know what's happened if you've made it too difficult to "manage, audit and predict."

Avoiding a monoculture isn't the security magic bullet you pretend it is.

Diversity just leads to more attack surfaces that have to be locked down. Doesn’t sound like a good idea. And even if you had it (33% of desktop OSes each on Linux, Windows and Mac), having 1/3 of your company neutralized is still a huge problem.

Unfortunately companies cannot afford to build messy environments.

Fixing small issues, on-boarding new people, explaining existing setups to those already employed, adding new servers. That is a nontrivial amount of money burned there "day in and day out" when networks are monoculture with centralized access. Making it a little bit of this flavor, a little bit of another, will make those costs grow 100x in no time. This way you have 100x operational costs to prevent something that may or may not happen.

Having a messy environment also brings other risks, like some operator messing up more easily because of being tired of fighting that mess.

I believe the terminology for what you'd like to see is the zero-trust security model, and it is gaining acceptance as the new standard.

https://www.nist.gov/publications/zero-trust-architecture