Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RE: Concepts: Security and Obscurity

From: levinson_k () securityadmin info
Date: 12 Apr 2007 08:24:15 -0000
obscurity. It is these very actions that prevent adequate vetting and review
of the control and thus allow weak or even corrupt practices to infiltrate
your control portfolio.  
Obscurity frequently corrupts 


These statements are only true in some situations, not all.  You're taking worst case scenarios and making them 
represent every scenario.  Obscurity, firewalls, any countermeasure can be insecurely implemented by an untalented 
person, but that doesn't make the countermeasure itself ill advised.



Obscurity should be seen as a control of last resort and not part of in depth
portfolio.


"Control of last resort" implies that obscurity should be used when no other countermeasure is possible.  To the 
contrary, obscurity should never be the only countermeasure used, so it should never be the control of last resort.

kind regards,
Karl Levinson
http://securityadmin.info
Previous By Date Next
Previous By Thread Next

Current thread: