Objectivism Online Forum
Gus Van Horn blog

Reblogged: Obscurity Isn't Security, but It Helps


If you've ever heard someone pooh-poohing "security by obscurity" (but wondered if he knew what he was talking about), Daniel Miessler has some food for thought over at his eponymous blog:

Photo by Allef Vinicius on Unsplash
Many of us are familiar with a concept known as Security by Obscurity. The term has negative connotations within the infosec community -- usually for the wrong reason. There's little debate about whether security by obscurity is bad; this is true because it means the secret being hidden is the key to the entire system's security.

When added to a system that already has decent controls in place, however, obscurity not only doesn't hurt you but can be a strong addition to an overall security posture. [minor edits]
It had always struck me as strange to hear people disparage obscurity as a security measure, but I never gave it more thought than, "It certainly doesn't hurt, and I'm pretty sure it can help." (That said, I was not making the incorrect assumption that obscurity can carry the whole load, though. Some people do.)

What Miessler does in the rest of his post is walk through the nature of the benefit of obscurity and explain exactly how it helps. For the mathematically inclined, he even reduces this down to a product of conditional probabilities. But the math is easily translated into plain English: Obscurity reduces your odds of being attacked in the first place, but you should avail yourself of ways to reduce the effects of a successful attack, too.

-- CAV
