Is security by obscurity always bad? MVP Jesper Johansson has co-written a great article along with Roger Grimes, in which the pair attempt to shed some light on why many consider it a waste of time (and others don't), and show you why the answer, as usual, is far more complicated than it seems at first.
Security by obscurity is, in a nutshell, a violation of Kerckhoffs' Principle, which holds that a system should be secure because of its design, not because the design is unknown to an adversary. The basic premise of Kerckhoffs' Principle is that secrets don't remain secret for very long.
The TechNet article at a glance:
- Defining security by obscurity
- Evaluating security by obscurity measures
- Assessing the value of renaming the Administrator account
- Making informed risk-management decisions
If you are an IT Professional involved in maintaining security within your company, Jesper and Roger's article looks at a number of issues that could help you protect your computing environment.
MVP Jesper Johansson is a Software Architect working on security software and is a contributing editor to TechNet Magazine. He holds a PhD in Management Information Systems, has more than 20 years of experience in security, and is a Microsoft MVP in Enterprise Security. He is the author of several TechNet Magazine security articles and of the Windows Server 2008 Security Resource Kit. Jesper has also co-authored two other security books, Protect Your Windows Network and Windows Vista Security.