Security in homogeneous systems

The Central Intelligence Agency (CIA) has been quite industrious in creating a new way[1] of tracking documents that could be “borrowed” from a person, business or government against the will of that entity.

This new document protection is the creation of a watermark that is also a web beacon in the document.  If you think about it, this is a pretty neat way of “bugging” a document to call home when it is opened.

This particular trick works (at the moment) only on Microsoft Office files.  Not a very surprising choice considering the market penetration of MS Office.  I cannot find any usage statistics for MS Office but it seems reasonable that Microsoft has at least 50% of the overall market including personal usage and business usage.  I would bet that the business usage for medium and large sized companies is much, much higher.  There are some big firms and governments that use open source office suites but many more that use Microsoft Office solutions.

However, those ambitious CIA fellows must have had a blind spot in considering that people would only use MS products.  This probably doesn’t work when you open these documents with other office suites.  Not only that, this foreign intrusion may actually be visible.  Oops.  I guess once they think this through to the end they will realize that was a bit of a silly assumption on their part.
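
As an added example (not from the original post or from the tool it describes): one way a defender can check an Office Open XML file (.docx, .xlsx, .pptx) for references that reach out to a remote host is to list the external relationships in its `.rels` parts. The post does not say which mechanism the watermark uses, so that choice is an assumption; the function names and the `example.invalid` hosts are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"

def external_targets(doc_bytes):
    """List (part, kind, target, fetched_without_click) for each external relationship."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for part in zf.namelist():
            if not part.endswith(".rels"):
                continue
            for rel in ET.fromstring(zf.read(part)).iter(REL):
                if rel.get("TargetMode") != "External":
                    continue  # internal part of the package, not a remote reference
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                # Heuristic (assumption): a hyperlink needs a click; other external
                # kinds (image, attachedTemplate, ...) can be resolved on open.
                hits.append((part, kind, rel.get("Target", ""), kind != "hyperlink"))
    return hits

def build_sample():
    """Constructed sample: a minimal .docx-like package built in memory."""
    base = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{base}styles" Target="styles.xml"/>'
        f'<Relationship Id="rId2" Type="{base}image" '
        'Target="https://beacon.example.invalid/tag.png" TargetMode="External"/>'
        f'<Relationship Id="rId3" Type="{base}hyperlink" '
        'Target="https://www.example.invalid/" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, target, auto in external_targets(build_sample()):
        print("REVIEW" if auto else "info  ", part, kind, target)
```

Entries marked REVIEW are the ones worth inspecting before the file is opened in an application that will resolve them.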

Heterogeneous for the win

It is really a lot easier to support a company or division when everything is the same.  You have a few default images for the few types of systems.  In this situation, setting up a computer is really easy.  Really easy is not always the best solution.

All software has bugs and it is only a matter of time before some hacker or state agency finds a zero day bug they can exploit.  If all systems use the same operating system, then once a bug is found the hacker can exploit it everywhere.  If some of the systems run a different operating system, they form a type of firebreak against the exploit and help to make the environment safer.

Having different systems or programs can make support a bit harder, but at a minimum it adds subtle layers of security.

I thought that there were more articles about the dangers of homogeneous systems but Google cannot seem to find them.

Well, other than this white paper.

Read more: Whitepaper: Attack of the Clones – Is Homogeneity in a network environment safe?

