Security Basics mailing list archives
Re: Concepts: Security and Obscurity
From: Daniel Miessler <daniel () dmiessler com>
Date: Wed, 4 Apr 2007 23:30:43 -0400
On Apr 4, 2007, at 1:09 PM, work () moltenplanet com wrote:
From my perpective the example used is weak as the system relies entirely on the authenticated SSH for security, if this is properly secured using an authentication server then what is the port knocking needed for.
Well, in my view it's beneficial to eliminate the ability of the world as a whole to even CONNECT to your daemon in the first place. Even if there is very strong authentication in place, there's no way to know that the system cannot be compromised *before* that point.
As such, taking away that exposure for 99.9% of the planet seems to me like a very strong security measure.
Thoughts? -- Daniel Miessler E: daniel () dmiessler com W: http://dmiessler.com G: 0xDA6D50EAC
Attachment:
PGP.sig
Description: This is a digitally signed message part
Current thread:
- Concepts: Security and Obscurity Daniel Miessler (Apr 04)
- Re: Concepts: Security and Obscurity Pranay Kanwar (Apr 04)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 09)
- Re: Concepts: Security and Obscurity ericfurman (Apr 10)
- RE: Concepts: Security and Obscurity David Gillett (Apr 11)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 09)
- RE: Concepts: Security and Obscurity security (Apr 05)
- <Possible follow-ups>
- Re: Concepts: Security and Obscurity work (Apr 04)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 05)
- RE: Concepts: Security and Obscurity Mark Sutton (Apr 09)
- Re: Concepts: Security and Obscurity Daniel Miessler (Apr 05)
- RE: Concepts: Security and Obscurity Craig Wright (Apr 05)
- RE: Concepts: Security and Obscurity Mandelcorn, Seymour (Apr 09)
- RE: Concepts: Security and Obscurity Daniel Miessler (Apr 05)
- Re: Concepts: Security and Obscurity krymson (Apr 05)
- RE: Concepts: Security and Obscurity Ken Kousky (Apr 09)
- RE: Concepts: Security and Obscurity John Rodriguez (Apr 09)
- RE: Concepts: Security and Obscurity Ken Kousky (Apr 10)
- RE: Concepts: Security and Obscurity Ken Kousky (Apr 09)
- Re: Concepts: Security and Obscurity Pranay Kanwar (Apr 04)
- Re: Concepts: Security and Obscurity Pranay Kanwar (Apr 05)
- Re: Re: Concepts: Security and Obscurity levinson_k (Apr 09)