Diff: SecurityByObscurity

Differences between current version and predecessor to the previous major change of SecurityByObscurity.


Newer page: version 5 Last edited on Friday, August 1, 2003 8:20:26 pm by CraigBox
Older page: version 3 Last edited on Friday, August 1, 2003 4:48:34 am by AristotlePagaltzis
@@ -3,4 +3,18 @@
 * Using different names for the SuperUser accounts, such as bob, rather than "root" or "administrator" 
 * Running daemons on non-standard ports. 
 * Running obscure variants of software or hardware which neither exploits are readily available for nor much attention is paid to. 
 * Distributing software as [BinaryExecutable]s, keeping [source code closed|ClosedSource] so that it cannot easily be examined for weaknesses. 
+The point of security is to have as much of your security public where people can comment on it and suggest improvements, and then you want to have the smallest possible part of your security secret.  
+This is how encryption works. The encryption algorithm is public knowledge, and heavily researched by cryptographers. However the "key" (or "password") is kept secret.  
+The other point is to have the secret be easily changed, so if it's ever compromised you can easily change it. (Or, even if it's not easily compromised you want to change it anyway).  
+Security through obscurity is usually frowned upon, because the "secret" is usually larger than it has to be, and is usually obscuring huge security flaws. ("I use a new cryptographic algo I made up! Noone knows what it is, so it must be secure!"). This is often considered even *less* secure than having a well known insecure system because you trust the security more than you should.  
+Much of the discussion at the top of this page isn't advocating security through obscurity. It's advocating diversity and avoiding a monoculture which is an entirely different concept. The idea behind a monoculture is that if everything is identical, then if you found a flaw in one, you've found a flaw in them all. If there is some varience between instances of a security infrastructure then you have to rediscover the flaw for each instance, which drastically slows down the attacker from compromising machines, but does not slow an attacker trying to attack any specific instance.
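Review bot: the opening of the added text, "The point of security is to have as much of your security public", overstates the claim and should name the principle it is paraphrasing; suggest "A sound security design keeps as much of the system public as possible so it can be reviewed, and confines the secret to the smallest, most easily changed component (Kerckhoffs's principle)." The same hunk carries spelling that should be fixed before it lands: "varience" should be "variance", "Noone" should be "No one", and "algo" should be "algorithm". The parenthetical "Or, even if it's not easily compromised you want to change it anyway" does not say what it means; "rotate the secret periodically even when no compromise is known" states the intent. Finally, the new paragraphs are appended directly after the bullet list with no blank line or lead-in, so in the rendered page the list of obscurity techniques and the discussion of why they are weak run together as one block.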