Network Security guide for the home or small business network – Part 15 – Security Through obscurity



I remember many years ago watching a Dr. Who episode where a very important key was “hidden” in a display of many other keys. Kind of like hiding a tree in a forest. This concept is “security by obscurity”. Generally this is considered a bad approach to security. It is a bad approach if this is the ONLY thing you consider. Many examples are security by obscurity are usually thought of as… proprietary applications that keep source code secret so no one can find what flaws exist, using operating systems or programs that are “obscure” or have small market share and are not targetted.


The first item is obviously one that doesn’t work. How many security vulnerabilities in Windows have been reported from outside Microsoft? I don’t know that there’s an accurate count – point is LOTS. The second one is something I talked about in the last entry. It can help as a part of an overall strategy but shouldn’t be considered the magic bullet. There are some things about the design of Apple and Linux systems that I think discourage the spread of malware if done right, but not every distribution (or user) may “do things right”. Any built in security measure is usually possible to circumvent.

Another angle on security through obscurity is this. Let’s say you decide you DO want to run a webserver on your machine and allow access from the outside world. Let’s say that you don’t want it to be obvious though and decide that instead of the usual port 80, you want it to run on port 8888, then to access it an outsider would have to enter http://yoursiteaddress:8888 The address wouldn’t show up in a typical scan for listening servers on port 80 and it would certainly have less visibility. If it’s configured insecurely though it certainly won’t help protect against someone that discovers it and wants to break in.

So, in certain circumstances, obscuring yourself for security purposes can be useful, but they shouldn’t be relied on as the only way to stay safe.

Related Posts

Blog Traffic Exchange Related Posts
  • Beware: Wolves in sheeps clothing found on different sites (security scams) This is another "wolf in sheeps clothing" alert. The Sunbelt blog has information and tips on a number of other sites that are posing as either the Windows security center page, or a page not found error. The windows security center spoof once again claims the following "Attention! Your system......
  • Testing your firewall for open ports For several years now I've used a neat tool at Gibson Research to test a clients firewall quick and easy from the web browser. They have a tool called Shields Up that does a limited port scan to determine of network ports are open, closed or "stealth". One of the......
  • Network Security guide for the home or small business network - Part 2 - A Software Firewall Do I really need a hardware firewall? I'm running XP Service Pack 2 with the built in firewall? (or norton, or zonealarm?) Well, personal firewalls (the name that software firewalls go by) are good for a great many things that hardware firewalls AREN'T. They do have their limitations though and......
Blog Traffic Exchange Related Websites
  • 20 Awesome Free OS Downloads Here's a collection of 20 that are worth checking out. There are plenty more, so if you'd like to add your favorites, share them in the comments! Fedora 10 - One of the few live distros that didn't have any trouble with the hardware on my MSI Wind netbook. My......
  • Is Social Security a Ponzi Scheme? (Part 1: Ponzi History) As we head toward the 2012 election, you'll probably hear more politicians echo the thoughts of Texas governor Rick Perry and call Social Security a Ponzi scheme.  The mouth of a politician isn’t always the best source of accurate information.  Is Rick Perry's assessment correct? Before determining whether or not......
  • Is Man naturally evil? Is Man naturally evil: What is evil: People generally have a difficult time defining "evil." Often, they are reduced to giving examples such as rape and genocide. Others believe "evil" is, at best arbitrary, and more likely imaginary. However, when we see evil in an amplified state, regardless of our......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Leave a Reply

You must be logged in to post a comment.


Switch to our mobile site