Security Basics mailing list archives
RE: Concepts: Security and Obscurity
From: "Mark Sutton" <work () moltenplanet com>
Date: Thu, 5 Apr 2007 10:19:34 +0100
On the surface I agree, arguably though the world as a whole is not the issue if your talking about someone hacking an authentication server, by which I mean the 99.9% aren't the problem. If a hacker can compromise a decent firewall, protected with an authentication server, prior to connecting to the SSH daemon on some internal system then the obscurity principle of the port knocking would not have me sleeping easily and dreaming of kerchoff :) I did like the article, however, its good to kick these things around. Best Regards Mark Sutton -----Original Message----- From: Daniel Miessler [mailto:daniel () dmiessler com] Sent: 05 April 2007 04:31 To: work () moltenplanet com Cc: security-basics () securityfocus com Subject: Re: Concepts: Security and Obscurity On Apr 4, 2007, at 1:09 PM, work () moltenplanet com wrote:
From my perpective the example used is weak as the system relies entirely on the authenticated SSH for security, if this is properly secured using an authentication server then what is the port knocking needed for.
Well, in my view it's beneficial to eliminate the ability of the world as a whole to even CONNECT to your daemon in the first place. Even if there is very strong authentication in place, there's no way to know that the system cannot be compromised *before* that point. As such, taking away that exposure for 99.9% of the planet seems to me like a very strong security measure. Thoughts? -- Daniel Miessler E: daniel () dmiessler com W: http://dmiessler.com G: 0xDA6D50EAC
Current thread:
- Concepts: Security and Obscurity Daniel Miessler (Apr 04)
- Re: Concepts: Security and Obscurity Pranay Kanwar (Apr 04)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 09)
- Re: Concepts: Security and Obscurity ericfurman (Apr 10)
- RE: Concepts: Security and Obscurity David Gillett (Apr 11)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 09)
- RE: Concepts: Security and Obscurity security (Apr 05)
- <Possible follow-ups>
- Re: Concepts: Security and Obscurity work (Apr 04)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 05)
- RE: Concepts: Security and Obscurity Mark Sutton (Apr 09)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 05)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 05)
- RE: Concepts: Security and Obscurity Mandelcorn, Seymour (Apr 09)
- RE: Concepts: Security and Obscurity Daniel Miessler (Apr 05)
- Re: Concepts: Security and Obscurity krymson (Apr 05)
- RE: Concepts: Security and Obscurity Ken Kousky (Apr 09)
- RE: Concepts: Security and Obscurity John Rodriguez (Apr 09)
- RE: Concepts: Security and Obscurity Ken Kousky (Apr 10)
- RE: Concepts: Security and Obscurity Ken Kousky (Apr 09)
- Re: Concepts: Security and Obscurity Pranay Kanwar (Apr 04)
- Re: Concepts: Security and Obscurity Pranay Kanwar (Apr 05)
- Re: Re: Concepts: Security and Obscurity levinson_k (Apr 09)
- Re: RE: Concepts: Security and Obscurity levinson_k (Apr 09)