Hide n' Seek (aka Security Through Obscurity)

Talk here about security in general. Posting illegals software is prohibited. All stuffs in this forum must be considered as for "Educational purpose only".
fullmoonremix

Hide n' Seek (aka Security Through Obscurity)

Post#1 by fullmoonremix » 14 Aug 2016, 13:11

The purpose of Security through obscurity (eg. a network tarpit and/or port spoofing) is to waste the resources of an attacker.
If deployed as part of a larger IT defensive strategy it's objective is to discourage (NOT prevent) successful attacks.

The link below presents a classic example of Security through obscurity ...
http://linuxlookup.com/howto/change_default_ssh_port

Port spoofing is NOT a panacea. It is simply a tactic that is part of a larger toolkit (see... Intrusion detection system ).

Philosopher Mode: "On"

Here are a few ways to look @ defensive tactics...
- Niccolò Machiavelli ... (" The Prince")

"Every one sees what you appear to be, few really know what you are"
"Appearance" in this case means an IT... Black hole .
- Carl von Clausewitz ... (" On War ")

"Cunning implies secret purpose. . . . It is itself a form of deceit. . . .
No human characteristic appears so suited to the task of directing and inspiring strategy. . . . "
"Cunning" in this this case suggests if the intruder's attacks are clever... the system defenses should be too.
- Yagyū Munenori ... (" A Hereditary Book on the Art of War ")

It is hard to be impossible for others to cut down.
"Impossible" in this case simply means... to have a IT contingency plan that is muscular enough to discourage (NOT stop) even the most brazen attacker.

PREFACE:
There is a prevailing mindset some have that... IT "security" (or any kind) is some sort of magic wand.
In reality... "security" is a mosaic of defensive tactics employed to address (NOT prevent) disaster.

In "security" there are NO guarantees only tactics... (eg. Chess tactic ) Chess is used
as an example because AI ("gaming") forms the basis of modern warfare technology.



Posted by 73.112.17.71 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Last edited by fullmoonremix on 20 Aug 2016, 22:10, edited 51 times in total.

User avatar
brokenman
Site Admin
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

Re: Hide n' Seek (aka Security Through Obscurity)

Post#2 by brokenman » 14 Aug 2016, 22:41

I find this thread nonsensical and therefore useless. You open with a philosophical quote, then link to a chess tactic and finally close with a link to change your default ssh port, none of which has anything at all to do with security through obscurity. I was hoping for an interesting read.

If you made a mistake and left something out then add it otherwise I will remove this post in 2 days.
How do i become super user?
Wear your underpants on the outside and put on a cape.

fullmoonremix

Re: Hide n' Seek (aka Security Through Obscurity)

Post#3 by fullmoonremix » 15 Aug 2016, 02:21

Ok... I see you are referring to context.

Security through obscurity is the idea that as a tactic ... spoofing attackers is a valuable tool.

The "interesting" part is... if incorporated as part of a comprehensive security strategy
(eg. "opt in" firewall) it becomes part of a aggressive deterrent against attacks.

I for one... have "baked in" approaches like this one (and others) in my soon to be released derivative (subversion?).

@ brokenman ... Jay I'm multitasking a lot lately (resolving real life issues) so concentration is in short supply. No worries... the thread is edited.

Regards... (David)

Post Reply