Could Cross Platform be used as a means of redundancy?

I came across a story by Nick Farrell of the Inquirer about a case that happened to an Australian Power company.

The crux of the story is that a virus infected the company’s infrastructure and was spreading inside the network. The engineers quickly replaced the Windows machines with their Linux development stations and this ensured that the plant didn’t have to be shut down due to the infection.

This got me thinking about whether having a cross platform environment can be used effectively as a redundancy system? Granted there are a lot of challenges here; and the Australian story also had an important element in its favor – the Windows machines in that case where merely using XServers to connect to an underlying Solaris System, so there was really nothing to it in order to accomplish the changeover.

If an organization wants to have a cross platform infrastructure it would need to develop its infrastructure on multiple platforms for no additional benefit other than to have a more robust failover. There is also the risk that if third-party software is used (which arguably will be so in most cases) these might not be cross platform, thus making it impossible to have a cross platform redundant system in some of the infrastructure.

Training might also be a prohibitive factor. This too depends on the environment/work involved. It is one thing if you’re simply running a business that requires users to do word processing, quite another if you have a development environment. Users might need to be trained in both your cross platform systems which will be costly in most cases.

However the benefits in such a case can be great as well. If your business requires maximum uptime, this can help achieve that goal in some cases.

This approach might be an effective second level strategy against viruses and malware. If your virus scanner fails and the network gets infected, the recovery procedure might involve rebooting and booting in your secondary OS. Viruses are rarely cross platform and this should generally be safe enough.

Another advantage would present itself in the updating lifecycle. Sometimes updates break the infrastructure or part of it, so having an alternative platform would ensure that you have a quick failover should that happen.

Additionally this can also protect against data corruption. If the environment of a workstation gets corrupted or damaged to a level that it becomes unusable, all the user would need to do is reboot into the other environment and the primary platform can then be fixed after hours thus avoiding any downtime to that system.

A final advantage would be in the case of a critical vulnerability being discovered in one of the services currently in use in your infrastructure. If it’s a server vulnerability disclosed to the underground community before a patch is developed, there would be no choice but to either disable that service or, if it is critical, live with the risk which will leave you exposed. However, if you have a multiplatform failover, provided that the issue is not cross platform (which luckily isn’t that common), all you need to do is switch to the alternative platform until the problem is resolved thus eliminating the exposure risk.

The only thing that this will obviously not protect you against is hardware failure, but for everything else this scan can also be cost effective in that you would not require additional hardware for a failover environment (to a certain degree, obviously it would still be recommended to have some infrastructure in place to switch over to, should some of the hardware fail) as the platforms can be installed on the same machine in dual booting mode.

All this is just an idea – I am not aware of this strategy being put into use anywhere really. What do you readers think? Would you consider this as being feasible or is it difficult to implement logistic wise? Maybe some of you might actually already employ something like this, in which case it would be nice if you can share some of your experiences of using such an approach!

John Mello October 12, 2009 at 4:19 pm
While using cross-platform networks to counter malware infections sounds like an interesting idea, it isn’t one that has escaped the radar of the Black Hats. As long ago as 2006, researchers discovered proof of concept viruses aimed at infecting multiple platforms. They found a concept virus written in Assembly language designed to infect both ELF (Linux) and PE (Windows) files. (http://www.eweek.com/c/a/Security/CrossPlatform-Sample-Virus-Targets-Windows-Linux/) This is just more evidence of how difficult it is to keep one step ahead of malware community.
Emmanuel Carabott October 13, 2009 at 8:54 am
Thanks John, thats really very interesting, I have to admit I didn’t know about this concept virus, will check it out as its very interesting. Unfortunately this article doesn’t really give much details about the virus and its inner workings.. however it seems that this proof of concept can infect binaries of both systems but it doesn’t say if it can run system independently which i cant really think of a way how to achieve.
In any case obviously you’re right, there is no sure 100% way to mitigate all risk factors. There is a certain level of security you can achieve cost effectively then anything above that involves very high cost, generally drastic measures and mitigates a small amount of risk. Cross Platform setup might be one such option perhaps.

Comments are closed.

If you have used this form and would like a copy of the information held about you on this website, or would like the information deleted, please email privacy@gfisoftware.com from the email address you used when submitting this form.

Could Cross Platform be used as a means of redundancy?

About the Author: Emmanuel Carabott

2 Comments

Could Cross Platform be used as a means of redundancy?

Get your free 30-day trial

Get your free 30-day trial

About the Author: Emmanuel Carabott

2 Comments