Security Basics mailing list archives
Re: Re: Re: Re: Concepts: Security and Obscurity
From: levinson_k () securityadmin info
Date: 12 Apr 2007 08:40:03 -0000
Obscurity is just that, obscure. Its hiding rather than actually proactively keeping people out... just makes it slightly harder. The attackers must try a few doors before they find the one with the network gear, or call the company and say theres something wrong with the website can they talk with the webmaster to let them know,
One might as well throw away your antivirus and firewalls, because those won't block social engineering either.
When we define things this way, then we can clearly see why obscurity doesnt add much benefit against targeted attacks.
Obscurity isn't intended to block targeted attacks, just as firewalls aren't intended to block social engineering. The people here who require countermeasures to be 100% effective against everything will quickly end up with no countermeasures at all. But at least they won't have, horror of horrors, a false sense of security! Obscurity does help you against targeted attacks, in that targeted attacks that hit your SSH server listening on a nonstandard port will tend to stand out, because your logs will have less noise in them. kind regards, Karl Levinson http://securityadmin.info
Current thread:
- RE: Concepts: Security and Obscurity, (continued)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 11)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 11)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 11)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 11)
- Re: Re: Re: Concepts: Security and Obscurity lordl3ane (Apr 11)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 11)
- Re: Re: Concepts: Security and Obscurity Lord Bane (Apr 11)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 11)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 11)
- Re: Re: Re: Concepts: Security and Obscurity danogh (Apr 11)
- Re: Re: Re: Re: Concepts: Security and Obscurity levinson_k (Apr 12)
- Re: RE: Concepts: Security and Obscurity levinson_k (Apr 12)
- Re: Re: Concepts: Security and Obscurity lordl3ane (Apr 12)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 17)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 12)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 12)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 12)
- Re: Concepts: Security and Obscurity Ansgar -59cobalt- Wiechers (Apr 12)
- Message not available
- Message not available
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 17)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 12)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 11)
- Re: Concepts: Security and Obscurity Jeffrey F. Bloss (Apr 13)