
re: Thoughts on "Security Through Obscurity"


In my experience, one of the biggest advantages to adding some forms of obscurity is that it can help improve the signal-to-noise ratio when you're looking for threats. For example, if I change all of my servers to listen for SSH on port 55555 instead of port 22, when I'm looking for suspicious behavior, I'll have a lot less data to sift through, since my logs for port 55555 won't include traffic from random bots scanning my servers. I will, of course, still enforce strong SSH key rules for my users.

To extend another example, if I call my users DB table 'ContosoUsers', an otherwise successful attempt at SQL injection will, instead of silently succeeding, raise a DB error. An error is a lot noisier and easier to spot than just another INSERT on users, so I can hopefully notice the attack sooner.
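
An added sketch of the detection idea in the comment above (not part of the original comment or any project's code): it scans database error logs for "missing relation" errors that name a generic table the application never queries. It assumes PostgreSQL-style messages, a `%m [%p] %u@%d ` log prefix, and a hypothetical decoy list; the log lines are constructed samples.

```python
import re
from collections import Counter

# Assumption: the application only ever queries "ContosoUsers", so any
# reference to these generic names did not come from application code.
DECOY_TABLES = {"users", "user", "accounts", "members"}

# PostgreSQL reports a missing table as: relation "<name>" does not exist
MISSING_RELATION = re.compile(
    r'^(?P<ts>\S+ \S+) \S+ \[\d+\] (?P<who>\S+) ERROR:\s+'
    r'relation "(?P<rel>[^"]+)" does not exist'
)

# Constructed sample log; the prefix format '%m [%p] %u@%d ' is assumed.
SAMPLE_LOG = """\
2024-05-01 10:00:01.120 UTC [4211] app@shop LOG:  statement: SELECT 1
2024-05-01 10:02:13.004 UTC [4212] app@shop ERROR:  relation "users" does not exist at character 38
2024-05-01 10:02:14.870 UTC [4212] app@shop ERROR:  relation "public.Accounts" does not exist at character 38
2024-05-01 10:05:40.331 UTC [4290] migrate@shop ERROR:  relation "order_itmes" does not exist at character 15
2024-05-01 10:06:02.559 UTC [4212] app@shop ERROR:  syntax error at or near "'" at character 52
"""

def find_decoy_hits(log_text):
    """Return one record per error that names a decoy table."""
    hits = []
    for line in log_text.splitlines():
        m = MISSING_RELATION.match(line)
        if not m:
            continue
        # Drop a schema qualifier and fold case before comparing.
        table = m["rel"].rsplit(".", 1)[-1].lower()
        if table in DECOY_TABLES:
            hits.append({"ts": m["ts"], "who": m["who"], "table": table})
    return hits

def hits_per_account(hits):
    """Count decoy hits per user@database to rank what to review first."""
    return Counter(h["who"] for h in hits)

if __name__ == "__main__":
    for hit in find_decoy_hits(SAMPLE_LOG):
        print(hit)
```

The misspelled `order_itmes` error from the migration account is ignored, so ordinary developer mistakes do not raise the same alert as a query for a table the application has no reason to name.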
