http://www.securityfightclub.com/security-by-obscurity-is-not-security-at-all/ Brought to you by Awareness Technologies Fri, 04 Jun 2010 00:25:36 +0000 http://wordpress.org/?v=2.9.2 hourly 1 http://www.securityfightclub.com/security-by-obscurity-is-not-security-at-all/comment-page-1/#comment-43 K. Brian Kelley Tue, 27 Oct 2009 21:42:20 +0000 http://www.securityfightclub.com/?p=39#comment-43 Security by obscurity shouldn't be the only security measure taken, but there is some benefit to using it as part of the overall solution. For instance, using an IPSEC policy to block UDP/1434 and moving your SQL Server to a non-standard port, preferably one in the upper range, means it will take a lot longer for an attacker who is unfamiliar with the configuration to discover the SQL Server to attack it. And that gives you additional opportunities to discover the attacker. Of course, when he or she does, that's when the other measures should be there for. Security by obscurity shouldn’t be the only security measure taken, but there is some benefit to using it as part of the overall solution. For instance, using an IPSEC policy to block UDP/1434 and moving your SQL Server to a non-standard port, preferably one in the upper range, means it will take a lot longer for an attacker who is unfamiliar with the configuration to discover the SQL Server to attack it. And that gives you additional opportunities to discover the attacker. Of course, when he or she does, that’s when the other measures should be there for.

]]>