RE: Concepts: Security and Obscurity

["Mark Sutton" <work () moltenplanet com>]

On the surface I agree, arguably though the world as a whole is not the
issue if your talking about someone hacking an authentication server, by
which I mean the 99.9% aren't the problem. If a hacker can compromise a
decent firewall, protected with an authentication server, prior to
connecting to the SSH daemon on some internal system then the obscurity
principle of the port knocking would not have me sleeping easily and
dreaming of kerchoff :)

I did like the article, however, its good to kick these things around.

Best Regards
Mark Sutton

-----Original Message-----
From: Daniel Miessler [mailto:daniel () dmiessler com] 
Sent: 05 April 2007 04:31
To: work () moltenplanet com
Cc: security-basics () securityfocus com
Subject: Re: Concepts: Security and Obscurity


On Apr 4, 2007, at 1:09 PM, work () moltenplanet com wrote:

> From my perpective the example used is weak as the system relies 
> entirely on the authenticated SSH for security, if this is properly 
> secured using an authentication server then what is the port knocking 
> needed for.

Well, in my view it's beneficial to eliminate the ability of the world as a
whole to even CONNECT to your daemon in the first place.  
Even if there is very strong authentication in place, there's no way to know
that the system cannot be compromised *before* that point.

As such, taking away that exposure for 99.9% of the planet seems to me like
a very strong security measure.

Thoughts?

--
Daniel Miessler
E: daniel () dmiessler com
W: http://dmiessler.com
G: 0xDA6D50EAC