by lm411 73 days ago
I disagree, obscurity wastes attacker resources and easily fools a lot of simple vulnerability scanners.

Obscurity is totally underrated. Attacker resources are limited.

3 comments

It’s kind of like having a line of cardboard tanks. Can be helpful in some circumstances, but it can’t always replace actual tanks.
Actually, decoys are very useful in the Ukraine-Russia war. It is usually decoys of air defense or long-range precision fires like HIMARS, and the target is to waste the resources of the opponent's long-range fires, which are limited and/or expensive.

Furthermore, you can also reveal the position of the attacker and counterfire.

If you have 500 tanks and 500 cardboard tanks, someone with only as many real tanks as you have may not bother attacking. Thus, having the cardboard tanks saved you a battle.

If someone with 1000 tanks attacks, it's a battle you would not have won anyway.

And yet, cardboard tanks have been useful only a handful of times during wartime. Tanks on the other hand have proven their usefulness many times.
Thank you, I had this debate at work so many times.

Sure, it's not a security measure as such, but it's still a worthwhile component of the overall defense system.

The problem with this is, you spend a lot of effort for low benefit. You should spend it on actual security instead.
Changing a port and enabling ASLR are not "a lot of effort".
Changing the port is not the kind of security measure that will consume a lot of the attacker's resources.
Sure, it'll do nothing to stop a determined attacker, but it does wonders to stop the noise from passive scanners.

Are you familiar with the Swiss cheese model of risk management[0]? Obscurity is just another slice of Swiss cheese. It's not your only security measure. You still use all the other measures.

[0] https://en.wikipedia.org/wiki/Swiss_cheese_model

It will conserve a lot of defender resources, it will completely bypass all mass scans, and it will make "determined attackers" much more visible as they will have to find the port first which will show up in logs and potentially land them in a tarpit.
What would be "actual security" in this context?

This isn't about security of the same kind as authentication/encryption etc where security by obscurity is a bad idea. This is an effort where obscurity is almost the only idea there is, and where even a marginal increase in difficulty for tampering/inspecting/exploiting is well worth it.

The one not described as "security through obscurity".
My point is: the "security through obscurity is bad" and "security through obscurity isn't real security" are both incorrect.

They apply to different threats and different contexts. When you have code running in the attackers' system, in normal privilege so they can pick it apart, then obscurity is basically all you have. So the only question to answer is: do you want a quick form of security through obscurity, or do you not? If it delivers tangible benefits that outweigh the costs, then why would you not?

What one is aiming for here is just slowing down and annoying an attacker. Because it's the best you can do.

Somehow your approach was not chosen by Intel ME or AMD PSP, and they remain unbreakable.
I'm going to assume whatever efficacy obscurity brings will take increasing hits as AI tooling becomes more commonplace.