[ale] Security Through Obscurity (was: iptables: DROP vs. REJECT --reject-with tcp-reset)

Kevin Krumwiede krum at smyrnacable.net
Tue Apr 2 15:49:47 EST 2002


This is true to a point, but there is still something to be said for
security through obscurity.  It doesn't stand on its own, but it can still
be a valuable part of your defensive strategy.  As an example, running your
IIS web server on a non-standard port will not protect it from a thorough
port scan directed deliberately at you.  However, the vast majority of port
scans you're going to receive will be from some script kiddie doing a quick
check of the standard ports before moving on to the next IP address.  In
this scenario, there's a good chance that having your server on a
non-standard port will result in it being overlooked.  Maybe it will save
you from getting fingerprinted and added to some black hat's database.  And
maybe it will protect you the next time some worm ravages the Net.  (Better
to have kept up on your security patches, but a little obscurity can't
hurt.)

In short, don't rely on security through obscurity, but don't write it off,
either.  My $0.02.

Krum


Amarendra Godbole (Intl Vendor) [mailto:v-amarg at microsoft.com] wrote:

> Keeping the packet filtering tool aside, security by obscurity is no
> longer a valid scenario, and never works for a longer time. DROP and


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.