Security Basics mailing list archives
Re: RE: Concepts: Security and Obscurity
From: levinson_k () securityadmin info
Date: 12 Apr 2007 08:24:15 -0000
obscurity. It is these very actions that prevent adequate vetting and review of the control and thus allow weak or even corrupt practices to infiltrate your control portfolio. Obscurity frequently corrupts
These statements are only true in some situations, not all. You're taking worst case scenarios and making them represent every scenario. Obscurity, firewalls, any countermeasure can be insecurely implemented by an untalented person, but that doesn't make the countermeasure itself ill advised.
Obscurity should be seen as a control of last resort and not part of in depth portfolio.
"Control of last resort" implies that obscurity should be used when no other countermeasure is possible. To the contrary, obscurity should never be the only countermeasure used, so it should never be the control of last resort. kind regards, Karl Levinson http://securityadmin.info
Current thread:
- Re: Concepts: Security and Obscurity, (continued)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 11)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 11)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 11)
- Re: Re: Re: Concepts: Security and Obscurity lordl3ane (Apr 11)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 11)
- Re: Re: Concepts: Security and Obscurity Lord Bane (Apr 11)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 11)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 11)
- Re: Re: Re: Concepts: Security and Obscurity danogh (Apr 11)
- Re: Re: Re: Re: Concepts: Security and Obscurity levinson_k (Apr 12)
- Re: RE: Concepts: Security and Obscurity levinson_k (Apr 12)
- Re: Re: Concepts: Security and Obscurity lordl3ane (Apr 12)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 17)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 12)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 12)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 12)
- Re: Concepts: Security and Obscurity Ansgar -59cobalt- Wiechers (Apr 12)
- Message not available
- Message not available
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 17)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 12)
- Re: Concepts: Security and Obscurity Jeffrey F. Bloss (Apr 13)