Firewall Wizards mailing list archives
Re: DNS Names for external services
From: kent () songbird com
Date: Wed, 14 Apr 2010 23:57:32 -0700
On Wed, Apr 14, 2010 at 11:57:48AM +0100, John Morrison wrote:
I have to agree with the view that obfuscation/obscurity is not the way to go. It increases the difficulty of use and, in this case, provides very little benefit.
In this case, yes, it provides very little benefit. However, I think the "no security through obscurity" meme is sometimes carried too far. In Schneier's article (referenced below) he says: "Just because security does not require that something be kept secret, it doesn't mean that it is automatically smart to publicize it." Body armor with effective camouflage is preferable to body armor in day-glo colors.
See "Why Security-Through-Obscurity Won't Work" (http://slashdot.org/features/980720/0819202.shtml) "What is "security through obscurity"" (http://users.softlab.ntua.gr/~taver/security/secur3.html) For a wider discussion see "Secrecy, Security, and Obscurity" (http://www.schneier.com/crypto-gram-0205.html) On 13 April 2010 21:22, Jim Seymour <jseymour () linxnet com> wrote:From: "Behm, Jeff" <jbehm () burnsmcd com> To: Firewall Wizards Security Mailing List <firewall-wizards () listserv icsalabs com> Date: Tue, 13 Apr 2010 11:16:06 -0500 Subject: [fw-wiz] DNS Names for external services Just curious, what is your opinions of the security vs. ease of use trade-offs on putting DNS entries in (vs. making people know/use an IP address) for services you expose to the Internet.[snip] I believe there's nothing significant to be gained by such obfuscation. Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: DNS Names for external services, (continued)
- Re: DNS Names for external services R. DuFresne (Apr 27)
- Re: DNS Names for external services Andre Lima (Apr 26)
- Re: DNS Names for external services Dave Piscitello (Apr 27)
- Re: DNS Names for external services Paul Melson (Apr 14)
- Re: DNS Names for external services Dave Piscitello (Apr 22)
- Re: DNS Names for external services Paul Melson (Apr 22)
- Re: DNS Names for external services Dave Piscitello (Apr 22)
- Re: DNS Names for external services Henri Salo (Apr 14)
- Re: DNS Names for external services Kent Crispin (Apr 14)
- Re: DNS Names for external services Jim Seymour (Apr 14)
- Re: DNS Names for external services John Morrison (Apr 14)
- Re: DNS Names for external services kent (Apr 15)
- Re: DNS Names for external services Marcus J. Ranum (Apr 14)
- Re: DNS Names for external services Jens Link (Apr 15)
- Re: DNS Names for external services John Morrison (Apr 14)
- Re: DNS Names for external services Behm, Jeff (Apr 14)
- Re: DNS Names for external services orca Puget (Apr 14)
- Re: DNS Names for external services Peter Bruderer (Apr 14)