[CentOS] security by obscurity [was: CentOS VPN server for iPhone]

Joseph L. Casale JCasale at activenetwerx.com
Fri Mar 27 00:13:47 UTC 2009


>I think that's a nice example of pervasive fallacious binary thinking, 
>combined with an old tired slogan that by all rights should be dead by now.

Ok...

>By the same token, we should not use firewalls, because they can be 
>circumvented by people who are skilled enough, nor use passwords, 
>because they can be guessed or brute-forced. And so on.

Really, tell me how you really think? :)

>I can't do this for a public server, which by definition 
>must stand out in the clear; but for private-use stuff, why not if it's 
>not too cumbersome for me?

Ok, so all my public servers will be owned, but all my private servers are
"now" safe? (that's my only point, its most often not feasible, and in the few
situations where it is, did I *really* gain anything?)[1]

>Yes, "security by obscurity" is useless when it's alone, but it can be 
>good if used appropriately and combined with various other measures. We 
>should put this slogan to rest by now, it's 2009 already. Sheesh.

It's not an old slogan that should be put to rest, it's a valid mistake (made by
some, in some situations, in my opinion (fallacious argument anyway, should "server
administration" be banned, as that slogan has been around for a while?).

Like I said, my opinion and I never suggested it was your only line of defense.
I only said it was my opinion, for which "I" think has good reason, see [1].

Let me restate, its only my opinion. YMMV :) (Heh, is it Friday yet?)
jlc


More information about the CentOS mailing list