
re: Thoughts on "Security Through Obscurity"

In my experience, one of the biggest advantages to adding some forms of obscurity is that it can help improve the signal-to-noise ratio when you're looking for threats. For example, if I change all of my servers to listen for SSH on port 55555 instead of port 22, when I'm looking for suspicious behavior, I'll have a lot less data to sift through, since my logs for port 55555 won't include traffic from random bots scanning my servers. I will, of course, still enforce strong SSH key rules for my users.

To extend another example, if I call my users DB table 'ContosoUsers', an otherwise successful attempt at SQL injection will, instead of silently succeeding, raise a DB error. An error is a lot noisier and easier to spot than just another INSERT on users, so I can hopefully notice the attack sooner.
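
The renamed-table idea above, sketched as log triage; this is an added example, not part of the original comment. It assumes PostgreSQL's "relation ... does not exist" error text, a constructed log prefix and sample lines, and hypothetical table lists.

```python
import re
from collections import Counter

KNOWN_TABLES = {"contosousers", "orders"}      # assumed real schema (hypothetical)
GUESSED_NAMES = {"users", "user", "accounts"}  # generic names the schema avoids

# Constructed prefix: "<date> <time> <tz> [pid] user@db client_ip ERROR: ..."
MISSING_REL = re.compile(
    r'^(?P<ts>\S+ \S+ \S+) \[\d+\] \S+@\S+ (?P<client>\S+) '
    r'ERROR:\s+relation "(?P<rel>[^"]+)" does not exist'
)

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = '''\
2024-05-01 10:00:01 UTC [311] app@shop 10.0.0.5 LOG:  statement: SELECT 1
2024-05-01 10:02:14 UTC [312] app@shop 10.0.0.5 ERROR:  relation "users" does not exist at character 13
2024-05-01 10:02:15 UTC [312] app@shop 10.0.0.5 ERROR:  relation "public.accounts" does not exist at character 13
2024-05-01 10:07:40 UTC [318] app@shop 10.0.0.9 ERROR:  relation "order" does not exist at character 15
2024-05-01 10:09:02 UTC [318] app@shop 10.0.0.9 ERROR:  duplicate key value violates unique constraint "orders_pkey"
'''

def classify(rel):
    """Return None, 'high' or 'review' for a relation named in a missing-table error."""
    name = rel.split(".")[-1].lower()  # drop schema prefix, fold case
    if name in KNOWN_TABLES:
        return None  # table exists; more likely a search_path problem
    # A generic name the application never uses is the high-signal case.
    return "high" if name in GUESSED_NAMES else "review"

def scan(log_text):
    """Collect alerts for every missing-relation error in the log text."""
    alerts = []
    for line in log_text.splitlines():
        m = MISSING_REL.match(line)
        if not m:
            continue
        severity = classify(m["rel"])
        if severity:
            alerts.append({"ts": m["ts"], "client": m["client"],
                           "relation": m["rel"], "severity": severity})
    return alerts

def high_by_client(alerts):
    """Count high-severity alerts per client address."""
    return Counter(a["client"] for a in alerts if a["severity"] == "high")

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The "review" bucket catches misses on names outside both lists, such as a typo from a bad deploy, so those do not get mixed in with the guessed-name alerts.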
