The question isn't whether Obscurity provides security at all, but rather if the... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

Illniyar on June 8, 2016 | parent | context | favorite | on: Obscurity Is a Valid Security Layer

The question isn't whether Obscurity provides security at all, but rather if the tradeoff you make with ease of use and maintenance is worth it.

From my experience obscurity is usually trivial for a determined attacker to overcome, and if it's not a determined attacker your normal security layer will probably be insurmountable to an attacker of opportunity.

For the small time (let's say an hour) that it'll add to a determined attacker's time you force your users to use an extra key just to detect the ssh port your using (the example he used in the article).

danielrm26 on June 8, 2016 [–]

The point is to apply all your real security and then add obscurity afterwards to lower your risk even further.

Wear the armor, then engage your cloaking device.

Don't substitute the cloaking device for the armor, but also don't dismiss the value of not being targeted.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact