[Dshield] Microsoft patches

John Holmblad jholmblad at aol.com
Tue Oct 21 03:54:46 GMT 2003


Jon

you raise, implicitly, if not explicitly, an important "folk theorem" 
which is "one job, one machine" in order to avoid cross-contamination 
and unforeseen vulnerabilities that are exposed between applications. My 
personal experience over the years as I am sure that of many others 
supports that theorem. I have been recently probing on this issue within 
Microsoft and. not surprisingly there is not uniform agreement  as far 
as I can tell at least as to what they believe is "best practice" from a 
security perspective. Sometimes I hear them advocating the theorem (a 
cynic would say, in order to sell more server licenses) while other 
times I seem to hear, in effect, "hey no problem as long as you have the 
system capacity (RAM/DISK.CPU/IO) to handle the workload imposed buy the 
sum of the application stacked on the system. Microsoft Small Business 
Server is of course a big counterexample of the theorem.

 I actually believe that a potentially economic  way forward on this 
question for adherents to this theorem can be found in what HP, Dell, a 
few others, and, particularly IBM are doing with Blade Servers and 
LINUX. Although blade servers came of age in the heyday of  IDC 
buildouts, they can equally serve as highly reliable space and power 
efficient application server engines of various sorts within the 
enterprise. And of course you can mix OS's from one blade to the next if 
you need to, say a Linux/SAMBA file server with a W2K SQL server with 
Great Plains on a third blade. This is of course in stark contrast to 
IBM's strategy as positioning the good old Z-series as the be all and 
end all server that will run VM like you wouldn't believe and collapse 
your data center down to one honking machine running everything, as 
their recent commercial suggests.
-- 

Best Regards,

 

John Holmblad

 

Televerage International

 

(H) 703 620 0672

(M) 703 407 2278

(F) 703 620 5388

 

www page:                      www.vtext.com/users/jholmblad

primary email address: jholmblad at aol.com

backup email address:  jholmblad at verizon.net

 

text email address:         jholmblad at vtext.com




More information about the list mailing list