Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] DNS question about DNSENUM.PL



On Wed, Mar 27, 2013 at 10:12:28AM -0400, Rich Pieri wrote:
> Security by obscurity is no security at all.
 
This is a popular mantra of paid security professionals, but it is a
fallacy, and in fact is a tool that those very same people employ
every day (e.g. recommendations to run ssh servers on non-standard
ports, configure servers to respond with non-default banners, etc.).
The benefits of such measures often amount to foiling script kiddies
who may otherwise compromise your otherwise vulnerable system with
zero effort, but that itself can be a big win, since this is the
overwhelming majority of attack traffic that most sites see.

It's virtually impossible to completely harden your network against a
very knowledgable and determined attacker.  So, PART of the point of
securing your systems (passive measures) is to slow them down, to give
you a chance to notice their activites, so you can react and do
something about it (active measures).  Security through obscurity IS a
useful tool to that end.

It just needs to be understood that it is not sufficient, and it is
one of the least effective methods... you need security in depth, and
obscurity is a VERY SMALL part of that, but it is indeed a part.  The
REAL gains you get from it are small, but they're often trivial to
implement, so they're cost-effective.  In the end, security is about
trading costs... just like buying insurance.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org