Searching for Insecurity

Posted Sep 28, 2006 5:02 UTC (Thu) by Felix.Braun (subscriber, #3032)
Parent article: Searching for Insecurity

This just goes to show once more that security through obscurity is no security at all.



Searching for Insecurity

Posted Sep 28, 2006 8:55 UTC (Thu) by dion (subscriber, #2764) [Link]

Well, doesn't it really show that obscurity would lead to better security?

There is absolutely no reason at all to tell the attackers the exact version of software you are running, but doing so just makes it easy for the attackers to find you when an exploit is published.

The majority of attackers don't go after one particular host and try to crack it, they just scan the net (or search Google) and attack the hosts that seem vulnerable.

Keeping the software name/version obscure will prevent the casual attacks and hopefully give you time to patch the system before someone determined to attack you does so.

Searching for Insecurity

Posted Sep 29, 2006 6:01 UTC (Fri) by rahulsundaram (subscriber, #21946) [Link]

Security through obscurity is ok as long as you don't rely on it completely. It sometimes does give you a grace period or layer of security as passive defense.

Searching for Insecurity

Posted Sep 29, 2006 18:32 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

There is absolutely no reason at all to tell the attackers the exact version of software you are running

There's a good reason to tell the attackers the version of the software: You can't know that the person you're telling is an attacker, and non-attackers have lots of good uses for that information. It's especially useful in diagnosing problems. It's also handy in release management.

I believe obscurity usually improves security. But that improvement does come at a cost.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds