Security Basics mailing list archives

Re: Concepts: Security and Obscurity


From: Daniel Miessler <daniel () dmiessler com>
Date: Wed, 4 Apr 2007 23:30:43 -0400


On Apr 4, 2007, at 1:09 PM, work () moltenplanet com wrote:

From my perspective the example used is weak, as the system relies entirely on the authenticated SSH for security; if this is properly secured using an authentication server, then what is the port knocking needed for?

Well, in my view it's beneficial to eliminate the ability of the world as a whole to even CONNECT to your daemon in the first place. Even if there is very strong authentication in place, there's no way to know that the system cannot be compromised *before* that point.

As such, taking away that exposure for 99.9% of the planet seems to me like a very strong security measure.

Thoughts?

--
Daniel Miessler
E: daniel () dmiessler com
W: http://dmiessler.com
G: 0xDA6D50EAC

