| reply to Daniel
Re: Security and Obscurity: Changing Daemon Ports from the Wiki: "Security through obscurity, a controversial principle in security engineering which attempts to use secrecy to provide security"
When you really look up close, there is no security without obscurity. You are always counting on secrecy, on someone else not knowing something about your security. I know that isn't what is meant by security by obscurity, but it is really just an arbitrary definition.
A lock is only secure because someone else does not know the exact shape of your key. A password, no matter how long and random, is only secure because someone else does not know it. Pretty much all software has vulnerabilities. Your security software and your daemons are only secure because someone else does not know all of the vulnerabilities.
Most experts today say that there is no such thing as security that can't be penetrated by someone with the right skills and enough time. If you agree with that, then all security is just obscuring things enough to make the time required or skills required too great for your system to be likely to be penetrated. Changing standard ports adds time to a penetration attempt, therefore it adds security. Probably only a tiny amount, but that's what layers are all about.
Plus it might keep some script kiddie that got his hands on some good code from getting lucky on your system.  |
