by yatralalala
468 days ago

So many thoughts on that, but from my perspective - obscurity is ok, but you cannot depend on it at all. A great example is port knocking - it hides your open port from a random nmap, but would you leave it as the only mechanism preventing people from getting to your server? No. So does it make sense to have it? Well maybe, it's a layer. Kerckhoffs' principle comes to my mind as well here. So while I agree with you that obscurity is a fine strategy, you can never depend on it ever.

Right, I'm arguing that this is a property of all security mechanisms. You can never depend on a single security mechanism. Obscurity is no different. You cannot depend only on encryption, you cannot depend only on air gaps, you cannot depend only on obscurity, you cannot depend only on firewalls, you cannot depend only on user permissions, you cannot depend only on legal deterrents, you cannot depend only on legal threats, etc.