How to Properly Implement Security by Obscurity

Scripted’s talented community of freelance writers have a variety of expertise and specialties. While many of our customers hire writers to execute their content marketing strategy, our writers deliver high-quality content in many formats. You can find content writers, blog writers, ghostwriters, and SEO writers all with experience in your niche.

The following is a an example of a Computer Security blog post:

In the physical world, secrecy is an asset to security. In the never-sleeping online universe these same methods won't carry over too perfectly. 

Despite the term security by obscurity's pejorative origin, it has a place in computer security. For the uninitiated, the term is a security strategy that emphasizes secrecy over protections. It was put to test in the real world in 2008, when the American Numismatic Society transported a collection of rare coins worth hundreds of millions of dollars by using ordinary moving trucks and movers unaware of the precious cargo. This particular transaction was successful because it didn't raise the suspicion of thieves. Some computer security experts say this concept can be applied to protecting vital data, but, due to fundamental vulnerability, it should never be the sole Publish approach for computer security.

Not Reliable

What can work well in a brief window of the physical world, however, is less safe in the never-sleeping online universe. If the safety of an application relies on its source code remaining unknown, that provides little protection.TechNet Magazine gives an example in which a vulnerable web server that could be attacked through Port 80 simply switches to Port 81. While this would stop some attacks, a knowledgeable intruder would simply run a port scanner until he or she finds a server using a non-standard port and would then have access to the server.

IT Security Should Follows this Historic Principle

Interestingly enough, the principles of 21st century computer security are based on a nineteenth century axiom created by cryptographer Auguste Kerckhoff. He stated that a system's security should lie wholly in its key, and that as long as the key remains unknown the system should remain secure. This principle centers on the expectation that enemies will acquire access to the full architecture of a system, and so safety lies in an explicit cryptographic key rather than in the hope of keeping the system's structure secret. Kerckhoff's principle, which directly contradicts "security through obscurity," still remains a best practice in today's information age. The Open Web Application Security Project gives a good example of Kerckhoff's principle at work: Linux source code is available through countless open doors, and yet when secured with proper keys it makes a robustly impenetrable operating system.

An Extra Layer of Protection

However, as TechNet Magazine points out, obscurity can be a useful tool when added to existing layers of high-quality encryption. For example, many security professionals advocate hiding the administrator account. This simple measure will slow down any hacker trying to log in as an administrator. While further digging can locate the administrator's numerical security identifier, at the very least the intruder has been slowed down. Perhaps the best conclusion is that, as one user commented on Information Security Stack Exchange, "Security ONLY through obscurity is terrible." Referring to the previous example, changing to a non-standard port in addition to using strong SSH password and key protection is probably an excellent idea.   Photo Credit: Mr. Cacahuate via Flickr.  

Betsy S.

Betsy S.

Washington, United States

I’m a professional content writer working exclusively through Scripted, and I have experience researching and writing on a broad range of topics. My employment background includes market consulting, real estate, non-profit organizing, healthcare-related social work and communi...

Jobs Completed 1546 Customer Ratings 253 Job Success 1529/1546 (98%)

Other content marketing examples from Betsy S.

5 Best Twitter Accounts for Self-Improvement Minded Writers

Twitter is an ideal continuing education tool for content writers. Here's who to follow to stay u... Read More

Plus-size Models Positively Influencing Fashion Industry

The fashion world's ideal of feminine beauty is currently in a state of transition, as its main a... Read More

Make Money From Your Forgotten Wardrobe

Whether you've outgrown your wardrobe or just don't have space for it all, that doesn't mean you ... Read More

6 Tips for Moving to a Cash-Only Lifestyle

Credit cards have become essential in the online world we live in, but data breaches in the news ... Read More

Why Instagram is the Social Media Platform of 2014

Instagram's success shines through above the other social media monoliths of the year by capitali... Read More

Be Happier on Low Days By Dressing Up

While clothes don't make the man or woman, they definitely can be a factor in your confidence and... Read More

Similar content marketing examples from other writers

Tips on How to Improve Retention Post App Download

With app downloads at an all-time high, users are settling into their favorites. Learn how to sta... Read More

Trojan Horse Programs and How to Avoid Them

Malware exists in many forms, so how can you protect yourself from them all? The best defense is ... Read More

Google Ordered to Pay Off Patent Trolls

In a decision that is already being appealed, a court in Virginia ordered Google to pay 1.36 perc... Read More

Unsung Heroes of Cybersecurity

Security teams are the rarely thanked defenders of today's digital lifestyles. In peak performanc... Read More

Top 5 skills for IT Security Specialist

5 Top Skills for an IT Security SpecialistThe threat of cyber attacks and security breaches is in... Read More