10/25/2022 0 Comments Security through obscurity![]() ![]() This includes WordPress along with its plugins and themes but also includes your version of PHP, Apache or Nginx, MySQL, etc on your web server. Security should come in layers too, but, like Kevlar, each should be carefully planned and considered.Ī good layered security plan will include things like: However, with enough layers of Kevlar, bullets are stopped and their impact is spread safely across a larger impact zone. The most common type of bulletproof (resistant) vests is made of a material that does not stop bullets. Security doesn’t have to be limited to one type though. Rogues are very keen in their profession, and know already much more than we can teach them. His response to this concern applies as directly to today’s technical systems as it did to the locks of the nineteenth century: In it, he said that “many well-meaning persons” assume that public exposure of a lock’s insecure design will end up helping criminals. Alfred Charles Hobbs, a locksmith, wrote a book in 1853 titled “ Construction of Locks and Safes “. The question of whether the secrecy of systems is beneficial for security is not new. Open Design - System security should not depend on the secrecy of the implementation or its components. A common mantra among digital security professionals is “security by obscurity is not security at all.” Even the National Institute of Standards and Technology, in their Guide to General Server Security (PDF) teach against it: ![]() All of the most popular open-source applications use this method, from WordPress to Linux, and it has been extremely successful.īy contrast, security through obscurity hasn’t been proven to work on its own. SECURITY THROUGH OBSCURITY CODEIt puts the code in front of lots of people by opening it up and relies on the efforts of the masses to find and close any security vulnerabilities. Security by openness relies on Linus’s Law, which states that “given enough eyeballs, all bugs are shallow” (an obvious adaptation of the oft proven idiom “many hands make light work”). Instead, rules are enforced and everything is checked and validated. User input and often even internals are not trusted. A system is designed from the beginning with security in mind. Security by design means pretty much what it sounds like. The first two have been proven over and over to be extremely effective, even on their own. There are three basic types of security: security by design, security by openness, and security by obscurity. SECURITY THROUGH OBSCURITY PASSWORDThinking that a weak password is okay because no one knows where to go to log in anyway is dangerous. However, it’s quite common to see people use obscurity as a replacement for good security. ![]() They don’t usually hide the admin page of their site instead of having a username and password. The reason that analogy is bad is that it’s rare that you find someone that uses security by obscurity as their only means of security. It might slow the thief that expects it to be in your driveway, but when some thief does happen upon it, it’s easy pickings. It’s not truly analogous, but imagine it being like hiding your car instead of locking it, to try to keep it from being stolen. Security through obscurity? What does that even mean? Security through obscurity is the reliance on the secrecy of the implementation of a system or components of a system to keep it secure. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |