Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: Re: Security through Obscurity [was RE: Using RDP Port 3389]

Re: Security through Obscurity [was RE: Using RDP Port 3389]

From: Elizabeth Zwicky <zwicky_at_greatcircle.com>
Date: Wed, 28 Apr 2004 10:02:30 -0700

At 1:46 PM -0400 4/27/04, Gwendolynn ferch Elydyr wrote:
>Speaking of security through obscurity, does anybody happen to have
>pointers for a pointy-hair friendly explanation of why it may be an
>adjunct to security, but certainly shouldn't be a primary mechanism?

With obvious self-interest, I have to say I think the explanation in
the 2nd edition of Building Internet Firewalls (pp 71-72) is not bad.
One of the things we do is compare it to day-to-day examples, like
putting your valuables out of sight when you leave them in the car.
It's a useful technique, but you still have to lock the car! We also
discuss why using different ports is not particularly obscure
(you can check all the ports, or look at traffic, or social engineer
somebody into telling you the port).

        Elizabeth Zwicky
        zwicky_at_greatcircle.com 

----
zwicky_at_greatcircle.com
Newest project: Opal Eleanor Armstrong Zwicky, born March 4, 2004
Nothing much happened in the last year except a death, a wedding,
flesh-eating bacteria, a move, and a birth.
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Apr 28 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos