On 07/24/2009 03:21 PM, Matthew Woehlke wrote:
> Why is it people seem to have a problem with obscurity *on top of*
> security? What's wrong with making it as hard as possible for the "bad
It's well known that "security through obscurity" is an insufficient
defense. Only fools would rely on obscurity for strong security. Some
have taken that to mean that only fools employ obscurity as part of
In nearly all cases that anybody here will be asked to deal with,
attackers have more than one potential target and will take the
lowest-cost path to achieve their ends. Obscurity increases costs.
Getting a strong safe with a good lock is important if you're going to
keep your gold in your house. Burying that safe in the back yard or
behind a wall increases the amount of time it will take a good
safe-cracker to get your gold, by varying amounts. He's only got so
much time since your alarm system already called the cops, so if you
make him spend that time finding the safe, he has less time to it.
But the costs aren't only for the safe cracker. If you've buried that
safe in the back yard, it's going to be a to get the gold out when
you need it. Same with DROP'ing packets - it makes network management
and troubleshooting harder. So, more people will opt for a hidden
wall-mounted safe and not put a sign on their front door that reads,
"the safe is under bar in the study". Even if it's got an awesome lock.
I use layered firewalls, encrypt my disks, keep my software up-to-date,
REJECT connections, respond to pings, and I'm not telling you where my
gold is hidden. ;) Those are the right trade-offs for my situation, YMMV.
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
http://www.bfccomputing.com/ Cell: 603.252.2606
Twitter, etc.: bill_mcgonigle Page: 603.442.1833
Email, IM, VOIP: bill@xxxxxxxxxxxxxxxx
fedora-devel-list mailing list