Effective Security by Obscurity
share
"Security by obscurity" is a bromide which is frequently applied to undermine the perceived value of a certain class of techniques in security. This usage initially stemmed from applications and experience in the areas of cryptographic theory, and the open vs. closed source debate. Through the perceived absence of true security, the field of security by obscurity has not coalesced into a viable or recognizable approach for security practitioners. The ramifications of this has resulted in these techniques going underused and underappreciated by defenders, while they continue to provide value to attackers, which creates an unfortunate information asymmetry. Exploring effective methods for employing security by obscurity, it can be seen that examples are already embedded unrecognized in other viable security disciplines, such as information hiding, obfuscation, diversity, and moving target defense. In showing that obscurity measures are an achievable and desirable supplement to other security measures, it is apparent that the in-depth defense of an organization's assets can be enhanced by intentional and effective use of security by obscurity.
READ FULL TEXT