Firewall Wizards mailing list archives

Re: DNS Names for external services

From: kent () songbird com
Date: Wed, 14 Apr 2010 23:57:32 -0700

On Wed, Apr 14, 2010 at 11:57:48AM +0100, John Morrison wrote:

I have to agree with the view that obfuscation/obscurity is not the
way to go. It increases the difficulty of use and, in this case,
provides very little benefit.


In this case, yes, it provides very little benefit.  However, I think the 
"no security through obscurity" meme is sometimes carried too far.  In 
Schneier's article (referenced below) he says:

    "Just because security does not require that something be kept secret, it
    doesn't mean that it is automatically smart to publicize it."

Body armor with effective camouflage is preferable to body armor in day-glo
colors.


See
        "Why Security-Through-Obscurity Won't Work"
(http://slashdot.org/features/980720/0819202.shtml)
        "What is "security through obscurity""
(http://users.softlab.ntua.gr/~taver/security/secur3.html)

For a wider discussion see
        "Secrecy, Security, and Obscurity"
(http://www.schneier.com/crypto-gram-0205.html)




On 13 April 2010 21:22, Jim Seymour <jseymour () linxnet com> wrote:

From: "Behm, Jeff" <jbehm () burnsmcd com>
To: Firewall Wizards Security Mailing List
      <firewall-wizards () listserv icsalabs com>
Date: Tue, 13 Apr 2010 11:16:06 -0500
Subject: [fw-wiz] DNS Names for external services

Just curious, what is your opinions of the security vs. ease of use
trade-offs on putting DNS entries in (vs. making people know/use an
IP address) for services you expose to the Internet.

[snip]

I believe there's nothing significant to be gained by such
obfuscation.

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: DNS Names for external services, (continued)
- - - Re: DNS Names for external services R. DuFresne (Apr 27)
    - Re: DNS Names for external services Andre Lima (Apr 26)
    - Re: DNS Names for external services Dave Piscitello (Apr 27)
- Re: DNS Names for external services Paul Melson (Apr 14)
  - Re: DNS Names for external services Dave Piscitello (Apr 22)
    - Re: DNS Names for external services Paul Melson (Apr 22)
- Re: DNS Names for external services Henri Salo (Apr 14)
  - Re: DNS Names for external services Kent Crispin (Apr 14)
- Re: DNS Names for external services Jim Seymour (Apr 14)
  - Re: DNS Names for external services John Morrison (Apr 14)
    - Re: DNS Names for external services kent (Apr 15)
  - Re: DNS Names for external services Marcus J. Ranum (Apr 14)
    - Re: DNS Names for external services Jens Link (Apr 15)
- Re: DNS Names for external services Behm, Jeff (Apr 14)
- Re: DNS Names for external services orca Puget (Apr 14)
- Re: DNS Names for external services Peter Bruderer (Apr 14)