Security Through Obscurity

The effectiveness of Security through Obscurity is closely related to the knowledge (or lack thereof) of the attacker. If someone is unaware of how a particular technology works, the data is obscured by the nature of the technology. Once some understanding is had by your adversary, however, the security vanishes.

Some examples are:

1. Not broadcasting your WLAN SSID. Or, if you do broadcast iy, setting it to something silly (though comical) like OUTOFRANGE or UNAVAILABLE or ERROR.
2. Using Port Security or MAC Filtering as the sole mechanism for controlling access to your network.
3. Hiding files in obscure file system directory structures because “nobody will find them there”
4. Using older/seldom used wireless technologies to transmit data (HomeRF, OpenAir, etc.).
5. Setting your computer name to something obscure like UNKNOWN unwitting users misinterpret the output.

Examples like #1 and #5 are meant to be tongue-in-cheek offerings in class.

Hopefully nobody would ever consider them to be valid efforts at security…

Posted in: