There is nothing wrong with obscurity - it's just that you can't rely on it.
An NTFS ACL is "guaranteed" by the OS to work a certain way always - if you set an ACE on a sensitive file then you can rely on certain identities having access to it, and others being denied.

The same file, buried in a folder with tens of thousands of others, will also be harder to attack. However you can't rely on this type of "obscurity" to protect your file. An attacker might get lucky. Or they might know exactly what to look for. Or they might just write a little app to try every possible file in that folder.

Obscurity isn't bad. It just doesn't give you any guarantees about anything.

Cheers
Ken

From: Candee Vaglica [mailto:[email protected]]
Sent: Friday, 17 July 2009 9:56 PM
To: NT System Admin Issues
Subject: Re: Security by obscurity?

+1

On Thu, Jul 16, 2009 at 4:54 PM, Sean Rector <[email protected]> wrote:

I've read many articles on this subject - security through obscurity = no added security. It's how I roll...

Sean Rector, MCSE

From: David Lum [mailto:[email protected]]
Sent: Thursday, July 16, 2009 4:42 PM
To: NT System Admin Issues
Subject: Security by obscurity?

I am having a discussion with some of my fellow SEs, they think having OWA's address be hostname.domain.com/exchange instead of mail.companyname.com for "security by obscurity" reasons. I think it's more overhead/help tickets than it's worth. Comments?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
