John Clarke <[EMAIL PROTECTED]> uttered the following thing: > On Wed, Feb 20, 2002 at 11:48:06AM +1100, Silcock, Stephen wrote: > > > I agree with you; security through obscurity doesn't work. But security + > > obscurity does; > > Proper security stops the worms. The obscurity doesn't add anything.
I'd actually differ from your two opinions. I think obscurity adds another layer to security, but it *must* be combined with "proper" security too. Having up to date software is good, but running on an obscure port gives you that little extra protection when the latest vulnerability for your sshd/etc appears, and a kiddie scanning port 22 misses your box. After all, passwords and crypto keys are all just obscurity. -- Ben Buxton - Random Network Person -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
