Security Basics mailing list archives

Re: Concepts: Security and Obscurity

From: work () moltenplanet com
Date: 4 Apr 2007 17:09:57 -0000

Hi

I agree with much of what you say, in that obscurity may provide a layer of additional complexity that increases the 
work involved in breaking into a sytem and from that perspective is a delaying mechanism, however the question remains 
as to whether it adds anything of real value to a properly secured non-obscure system.

From my perpective the example used is weak as the system relies entirely on the authenticated SSH for security, if 
this is properly secured using an authentication server then what is the port knocking needed for.


Reently a number of studies and designs have been mooted around authenticated port knocking, however this really seems 
a way of replacing the ideas dependance on obscurity. 

Best regards
Mark Sutton

Current thread:

Concepts: Security and Obscurity Daniel Miessler (Apr 04)
- Re: Concepts: Security and Obscurity Pranay Kanwar (Apr 04)
  - Re: Concepts: Security and Obscurity Daniel Miessler (Apr 09)
    - Re: Concepts: Security and Obscurity ericfurman (Apr 10)
    - RE: Concepts: Security and Obscurity David Gillett (Apr 11)
- RE: Concepts: Security and Obscurity security (Apr 05)
- <Possible follow-ups>
- Re: Concepts: Security and Obscurity work (Apr 04)
  - Re: Concepts: Security and Obscurity Daniel Miessler (Apr 05)
    - RE: Concepts: Security and Obscurity Mark Sutton (Apr 09)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 05)
  - RE: Concepts: Security and Obscurity Mandelcorn, Seymour (Apr 09)
- RE: Concepts: Security and Obscurity Daniel Miessler (Apr 05)
- Re: Concepts: Security and Obscurity krymson (Apr 05)
  - RE: Concepts: Security and Obscurity Ken Kousky (Apr 09)
    - RE: Concepts: Security and Obscurity John Rodriguez (Apr 09)
    - RE: Concepts: Security and Obscurity Ken Kousky (Apr 10)
- Re: Concepts: Security and Obscurity Pranay Kanwar (Apr 05)

(Thread continues...)