Juan Perez wrote:
Let's suppose that I have two servers running the latest and shiniest version of FreeRadius and for some reason there is a bug in FreeRadius that causes the server to crash when a specially crafted RADIUS packet is received.
Hmm... that's hard to do: http://freeradius.org/security.html Notice anything about 2.x on that page?
Let's suppose that there is also an attacker (a disglunted employee maybe?), who knows about this bug and decides to attack my FreeRadius servers, so he starts sending these specially crafted packets to each server and since the two servers have the same bug, both of them would die upon receiving these packets.
Even if that did happen, you would probably notice.
If I have two servers from different vendors, I could thus hopefully guarantee that at least the horrible server would continue working while an attack targeted at FreeRadius is going on. The horrible server doesn't need to be necessarily a Cisco ACS, any other horrible server would do it (Microsoft IAS, Steel-Belted, etc).
So, does it make sense now or is the idea too stupid to be even considered?
Or, you could believe that maintaining the same configuration in two completely independent products is a huge PITA, and not worth the effort of "maybe" avoiding an attack. The FreeRADIUS source code is regularly scanned with Coverity, LLVM, and a few others. Nothing has come up in the last 3 years, for 2.x. Alan DeKok.