Re: security through obscurity (was: Re: remove apache os banner

2002-06-10 Thread Darkk
I'm absolutely not advocating that anyone implement security through obscurity, but would have to agree that some degree of obscurity can slow down some attacks.. however, it should be the VERY, VERY, VERY last thing on your mind, and NEVER be relied upon as a means of protecting a network,

RE: security through obscurity (was: Re: remove apache os banner

2002-06-10 Thread Mike Dawg
. There are many other steps needed for prevention, this is just one of those steps. Mike -----Original Message----- From: TheFinn [mailto:[EMAIL PROTECTED]] Sent: Friday, June 07, 2002 9:52 AM To: Josh Glover Cc: [EMAIL PROTECTED] Subject: Re: security through obscurity (was: Re: remove apache os

Re: security through obscurity (was: Re: remove apache os banner

2002-06-07 Thread D
I'd go with the idea, Security through obscurity, Isn't such a bad idea, No, you are right, it isn't such a bad idea. It is a terrible idea. On its own, yes it is. Coupled up with regular patching of security holes, monitoring of logs, a good IDS that is setup to mail/page you, correct

Re: security through obscurity (was: Re: remove apache os banner

2002-06-07 Thread Josh Glover
D wrote: I'd go with the idea, Security through obscurity, Isn't such a bad idea, No, you are right, it isn't such a bad idea. It is a terrible idea. On its own, yes it is. Coupled up with regular patching of security holes, monitoring of logs, a good IDS that is setup to mail/page you,

Re: security through obscurity (was: Re: remove apache os banner

2002-06-07 Thread Josh Glover
D wrote: Sure. I am familiar with both the exploits and the scripts. But do I let ssh in through my firewall from anywhere? Certainly not. Btw, BIG question. What are you running if not ssh ? Not telnet I hope ? My prose may have been a bit ambiguous, but what I meant was that I do not

Re: security through obscurity (was: Re: remove apache os banner

2002-06-07 Thread D
My apologies... pressed a wrong button or two...and sent that last mail before i was done... And didn't even remove the unnecessary quotes... sorry. Sure. I am familiar with both the exploits and the scripts. But do I let ssh in through my firewall from anywhere? Certainly not. The point

Re: security through obscurity (was: Re: remove apache os banner

2002-06-07 Thread D
On its own, yes it is. Coupled up with regular patching of security holes, monitoring of logs, a good IDS that is setup to mail/page you, correct configurations, and a good background on security, it is actually useful. You are right. It would seem that we are arguing about different

Re: security through obscurity (was: Re: remove apache os banner

2002-06-06 Thread TheFinn
Hardly. Sometimes people are harmless if they don't know your version numbers. At present exploits are merely bullets (and that's only if they've been standardised to fit into another piece of software) fear the gun. Currently, hackers are not telnetting to your port 22 seeing if you

Re: security through obscurity (was: Re: remove apache os banner

2002-06-06 Thread Meritt James
Jay D. Dyson wrote: On Tue, 4 Jun 2002, Muhammad Faisal Rauf Danka wrote: I'd go with the idea, Security through obscurity, Isn't such a bad idea, I mean drop down all around the corner what exactly security is, the ongoing effort to

RE: security through obscurity (was: Re: remove apache os banner

2002-06-05 Thread Kevin and Laura Brown
to beef up my *real* security, but every little bit helps. Brownfox -----Original Message----- From: Jay D. Dyson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 04, 2002 9:57 AM To: Meritt James Cc: Pinsky Dan; [EMAIL PROTECTED] Subject: Re: security through obscurity (was: Re: remove apache os

Re: security through obscurity (was: Re: remove apache os banner

2002-06-05 Thread Muhammad Faisal Rauf Danka
I'd go with the idea, Security through obscurity, Isn't such a bad idea, I mean drop down all around the corner what exactly security is, the ongoing effort to keep away the *HARMFULS*, If there were no harmful elements, there wouldn't be much of the security buzz. So if your telnet banner

Re: security through obscurity (was: Re: remove apache os banner

2002-06-05 Thread Carl Flippin
While security by obscurity isn't secure, it can be useful in addition to other security measures. If you've already covered all the usual security options, making things a little obscure can be another layer. Nothing can hope to stop everything that's why you need many layers of security to hope

Re: security through obscurity (was: Re: remove apache os banner

2002-06-05 Thread John A . Yonn
I definitely agree, banners that jump out and say 'look at me, I'm easily exploitable' aren't a good thing. Changing them definitely won't fix any exploits at all, but I think obscuring them lowers your chances of being noticed slightly. With all the script kiddies and so called

Re: security through obscurity (was: Re: remove apache os banner

2002-06-04 Thread Meritt James
BINGO! Jay D. Dyson wrote: On Tue, 4 Jun 2002, Meritt James wrote: ...but be advised: banner obfuscation provides no real security benefit. Security through obscurity ain't. Nice filter to keep out the harmless... If