Security obscurity

3/3/2023

About eight years ago, early in my days in the security community, at an event we were attending (long before the coronavirus cancelled them all) I remember hearing a saying: 'security through obscurity'. I was unaware of this statement's significance or how this adage has shaped the mindsets of some security professionals today.

Security Through Obscurity (STO) is a controversial topic within the infosec community. It is commonly based on the premise that the secrecy of specific details or functions of a system can ensure security. As such, many cybersecurity professionals frown on the idea of implementing security through obscurity because it is a "bad" practice. Basing their conclusion on the premise previously mentioned, they aren't wrong; however, that's just half the picture. Let's explore this concept in its entirety to expose the good, the bad, and the ugly.

What Exactly is Security Through Obscurity (STO)?

Simply put, Security Through Obscurity is based primarily on hiding vital information and enforcing secrecy as the primary security technique. Generally, when implementing STO, it is assumed that, as long as attackers lack information about the system's internal design, they will not get at its vulnerabilities. While the assumption is not entirely inaccurate, there are a few things you should take into consideration.

Used along with other security mechanisms, such as TCP Wrappers, proper firewalling, IP-based restrictions, and 2FA, Security Through Obscurity can be a very efficient way to reduce the chances of an attack. How? Well, for starters, it slows one of the most critical phases of the hacking methodology: reconnaissance. Reconnaissance, or recon for short, is a phase of the hacking methodology where the attacker sets out to learn as much information as possible about the target system in an attempt to launch an effective attack. Having implemented STO would have slowed this process down, potentially deterring non-APTs from following through with an attack.

Information such as banner information, default configuration settings, and default system reactions is hidden or altered when using STO to throw attackers off. For example, you can remove banner information, such as the webserver version number (e.g., nginx 1.6.1) or the version number and name of the software running on the webserver (e.g., WordPress 5.6). Another example would be to change default ports for services such as SSH. SSH is known to run on port 22, but what if you change that operation port to 65822? Again, bear in mind that these tactics might only slow the recon and the exploitation phase, so beware of the bad and the ugly.

Coupled with your intrusion detection and prevention system (IDS), using STO techniques could allow for early detection of ongoing attacks. How? Suppose an attacker seeks to forgo the recon phase because of the lack of information available and decides to execute a Hail Mary attack. Well, in that case, the attacker loses his stealth, and you'll know an attack is ongoing. STO is only useful when used as an additional layer of defense.

Solely relying on STO to protect your assets is a bad idea. STO will not be effective against blind attacks or APTs. Let me repeat it for the people in the back. Solely relying on Security through Obscurity as a security mechanism is a BAD idea.

Some professionals would argue that using STO as your only layer of defense puts you at HIGH risk because essentially, you have zero protection, and in today's climate, that's not bad, that's ugly. When cybersecurity professionals talk about STO, the real concern is that security is implemented solely through obscurity - a state where the only protection mechanism involved is hiding critical details or function of an asset.

STO can slow reconnaissance activity and force the attacker to initiate actions that can no longer be as stealthy, resulting in increased exposure. Obscurity measures can complement security, and as long as obscurity is not employed in complete isolation, it can be considered another powerful tool to provide defense in depth.
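The pairing of a relocated SSH port with intrusion detection that the article describes can be sketched as follows; this is an added example, not the author's code. Once SSH listens on 65822, any probe of port 22 or a burst of blocked ports from one source becomes an alert. The log format, thresholds, and alert labels are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TRIPWIRE_PORTS = {22}           # SSH moved to 65822, so nothing legitimate hits 22
SCAN_THRESHOLD = 5              # assumed: distinct blocked ports from one source
WINDOW = timedelta(seconds=60)  # assumed: sliding window for counting probes

# Constructed sample log, simplified "timestamp source dest_port action" format.
SAMPLE_LOG = """\
2023-03-03T10:00:01 198.51.100.7 22 DROP
2023-03-03T10:00:05 192.0.2.10 65822 ACCEPT
2023-03-03T10:00:10 203.0.113.9 21 DROP
2023-03-03T10:00:11 203.0.113.9 22 DROP
2023-03-03T10:00:12 203.0.113.9 23 DROP
2023-03-03T10:00:13 203.0.113.9 80 DROP
2023-03-03T10:00:14 203.0.113.9 445 DROP
2023-03-03T10:03:00 192.0.2.44 8080 DROP
2023-03-03T10:09:00 192.0.2.44 8081 DROP
"""

def parse(line):
    """Split one log line into (timestamp, source, port, action)."""
    ts, src, port, action = line.split()
    return datetime.fromisoformat(ts), src, int(port), action

def detect(log_text):
    """Return {source: set of reasons} for sources that should raise an alert."""
    alerts = defaultdict(set)
    recent = defaultdict(list)  # source -> [(timestamp, port)] of blocked probes
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, port, action = parse(line)
        if action != "DROP":
            continue
        # Any probe of the vacated default port is a high-signal event.
        if port in TRIPWIRE_PORTS:
            alerts[src].add("tripwire-port")
        # Blind sweeps show up as many distinct blocked ports in a short window.
        recent[src] = [(t, p) for t, p in recent[src] if ts - t <= WINDOW]
        recent[src].append((ts, port))
        if len({p for _, p in recent[src]}) >= SCAN_THRESHOLD:
            alerts[src].add("port-sweep")
    return dict(alerts)

if __name__ == "__main__":
    for src, reasons in sorted(detect(SAMPLE_LOG).items()):
        print(src, sorted(reasons))
```

The obscurity measure only pays off here because the firewall logs and something reads them; moving the port without the detection layer leaves only the delay.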