The same case in information security: Moving the SSH server to the unassigned port 51000 may provide some degree of security, but a person with a curious nature or a port scanner can quickly locate and gain access to the server. The popular formulation, going back to Kerckhoffs, is that there is no security by obscurity, meaning that the. STO presents a dangerously simplistic approach to security, and in the absence of additional significant controls, anyone with a curious nature or malicious intent can gain entry. This view is still endorsed in cryptography.

That's security through obscurity: if the secret ever gets out, it's game over. That's pretty secure, but only until a thief finds out and the security is breached. Or when you have an expensive house with a secure lock system, but the way to open the lock is by simply jiggling it.

The chances of you being able to do better than the security community are low. Even the best systems have flaws, despite the leading experts having worked on them for decades. If you roll your own crypto, it is very likely to be flawed.

But the moment a thief discovers the hiding place, it's game over. There are two main issues with the security through obscurity model. Many arguments have come up in the past regarding the strength of the strategy, many arguing that STO should never be the only security mechanism.

For instance, hiding the key to your house under the welcome mat will keep it secure as long as the secret remains with you only. Security through obscurity (commonly referred to as security by obscurity) is an attempt to increase security by keeping some elements secret.