Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Wed, Mar 27, 2013 at 10:12:28AM -0400, Rich Pieri wrote: > Security by obscurity is no security at all. This is a popular mantra of paid security professionals, but it is a fallacy, and in fact is a tool that those very same people employ every day (e.g. recommendations to run ssh servers on non-standard ports, configure servers to respond with non-default banners, etc.). The benefits of such measures often amount to foiling script kiddies who may otherwise compromise your otherwise vulnerable system with zero effort, but that itself can be a big win, since this is the overwhelming majority of attack traffic that most sites see. It's virtually impossible to completely harden your network against a very knowledgable and determined attacker. So, PART of the point of securing your systems (passive measures) is to slow them down, to give you a chance to notice their activites, so you can react and do something about it (active measures). Security through obscurity IS a useful tool to that end. It just needs to be understood that it is not sufficient, and it is one of the least effective methods... you need security in depth, and obscurity is a VERY SMALL part of that, but it is indeed a part. The REAL gains you get from it are small, but they're often trivial to implement, so they're cost-effective. In the end, security is about trading costs... just like buying insurance. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |