How to Properly Implement Security by Obscurity

A Scripted Freelance Writer Writing Sample

*In the physical world, secrecy is an asset to security. In the never-sleeping online universe, these same methods won't carry over perfectly.*

Despite the pejorative origin of the term "security by obscurity," it has a place in computer security. For the uninitiated, the term describes a security strategy that emphasizes secrecy over protections. It was put to the test in the real world in 2008, when the American Numismatic Society transported a collection of rare coins worth hundreds of millions of dollars by using ordinary moving trucks and movers unaware of the precious cargo. This particular transaction was successful because it didn't raise the suspicion of thieves. Some computer security experts say this concept can be applied to protecting vital data, but, because of its fundamental vulnerability, it should never be the sole approach for computer security.

Not Reliable

What can work well in a brief window of the physical world, however, is less safe in the never-sleeping online universe. If the safety of an application relies on its source code remaining unknown, that provides little protection. TechNet Magazine gives an example in which a vulnerable web server that could be attacked through Port 80 simply switches to Port 81. While this would stop some attacks, a knowledgeable intruder would simply run a port scanner until he or she found a server using a non-standard port and would then have access to the server.

IT Security Should Follow This Historic Principle

Interestingly enough, the principles of 21st-century computer security are based on a nineteenth-century axiom created by cryptographer Auguste Kerckhoffs. He stated that a system's security should lie wholly in its key, and that as long as the key remains unknown the system should remain secure. This principle centers on the expectation that enemies will acquire access to the full architecture of a system, and so safety lies in an explicit cryptographic key rather than in the hope of keeping the system's structure secret. Kerckhoffs's principle, which directly contradicts "security through obscurity," remains a best practice in today's information age. The Open Web Application Security Project gives a good example of Kerckhoffs's principle at work: Linux source code is available through countless open doors, and yet when secured with proper keys it makes a robustly impenetrable operating system.
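The contrast between a hidden design and a secret key can be shown in a few lines. The following Python sketch is an added example, not part of the original article; the function names and the token format are hypothetical. It compares a token scheme whose only protection is an unpublished recipe with one that uses a public algorithm (HMAC-SHA256) and a secret key, under the assumption Kerckhoffs makes: the outsider has read the full design.

```python
import base64
import hashlib
import hmac
import secrets

# Scheme A (obscurity): no key at all, only a recipe that is hoped to stay unknown.
def obscure_token(user: str) -> str:
    return base64.urlsafe_b64encode(user[::-1].encode()).decode()

def obscure_verify(user: str, token: str) -> bool:
    return hmac.compare_digest(obscure_token(user), token)

# Scheme B (Kerckhoffs): the algorithm is public, the key is the only secret.
def keyed_token(key: bytes, user: str) -> str:
    return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()

def keyed_verify(key: bytes, user: str, token: str) -> bool:
    return hmac.compare_digest(keyed_token(key, user), token)

def design_disclosed() -> dict:
    """Outcome once the full design is known but the server key is not."""
    server_key = secrets.token_bytes(32)       # never leaves the server
    outsider_key = secrets.token_bytes(32)     # the outsider can only guess a key
    return {
        # Anyone who knows the recipe can recompute a valid token.
        "obscure_forgery_accepted": obscure_verify("admin", obscure_token("admin")),
        # Knowing HMAC-SHA256 is in use does not help without server_key.
        "keyed_forgery_accepted": keyed_verify(
            server_key, "admin", keyed_token(outsider_key, "admin")),
        "keyed_legitimate_accepted": keyed_verify(
            server_key, "admin", keyed_token(server_key, "admin")),
    }

def recover_from_key_leak() -> bool:
    """A leaked key is fixed by rotation; returns True if old tokens are now rejected."""
    old_key = secrets.token_bytes(32)
    old_token = keyed_token(old_key, "admin")
    new_key = secrets.token_bytes(32)          # rotate: the design stays the same
    return not keyed_verify(new_key, "admin", old_token)

if __name__ == "__main__":
    print(design_disclosed())
    print("old tokens rejected after rotation:", recover_from_key_leak())
```

Scheme A has nothing to rotate: once its recipe is known, the only remedy is a redesign, which is the weakness Kerckhoffs's principle avoids.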

An Extra Layer of Protection

However, as TechNet Magazine points out, obscurity can be a useful tool when added to existing layers of high-quality encryption. For example, many security professionals advocate hiding the administrator account. This simple measure will slow down any hacker trying to log in as an administrator. While further digging can locate the administrator's numerical security identifier, at the very least the intruder has been slowed down. Perhaps the best conclusion is that, as one user commented on Information Security Stack Exchange, "Security ONLY through obscurity is terrible." Referring to the previous example, changing to a non-standard port in addition to using a strong SSH password and key protection is probably an excellent idea.

Photo Credit: Mr. Cacahuate via Flickr.

Betsy S


Betsy Stanton is a professional content writer who has worked through Scripted since 2012, researching and writing on a broad range of topics. Her employment background includes market consulting, real estate, non-profit organizing, healthcare-related social work and community college ESL teaching. She is also a literary writer (under a different name), and her short fiction, poetry and essays have appeared in respected journals. She has a Bachelor of Science degree from the University of California, with coursework that included biology, physics and calculus. Her graduate work at the University of Washington School of Social Work led her into private consulting in personal finance, business practices and digital marketing. She is a careful, enthusiastic researcher who enjoys matching her writing tone to each client’s unique needs. She...
