Security Through Obscurity
posted by Anna Mar, August 16, 2013

Security through obscurity is a term to describe a design that's secure only because it's a secret.
It's any software, infrastructure, technique or algorithm that depends on a secret implementation for security.
Security through obscurity is generally considered a bad idea. Instead security designs should be so secure that you can show anyone the design and it will still be secure.
Definition: Security Through Obscurity
Security through obscurity is any code, infrastructure, technique or algorithm that wouldn't be secure if attackers could see its design.
So What?
A sophisticated security design can be shown to the world and remain secure. Security through obscurity encourages weak designs. As a rule of thumb, if you design something you wouldn't want a hacker to see — there's probably something wrong with the design.
Security By Design
Security by design is any design that isn't weakened by being exposed to the world. It's the opposite of security through obscurity.
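The definition above and the contrast with security by design can be made concrete with two message-authentication designs put through the same test: hand the reviewer the full source and see whether the verifier still rejects tags the reviewer produces. This is an added example, not code from the original article; both designs, the sample message and the name SERVER_KEY are constructed for illustration.

```python
"""Two tag designs compared under full disclosure of their source (constructed example)."""
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # held by the verifier only; never in the source


def obscure_tag(message: bytes) -> bytes:
    """Design A, security through obscurity: a home-grown checksum with no key.
    The only 'secret' is how the tag is computed, and that is visible in the code."""
    state = 0x5A
    for b in message:
        state = ((state << 3) | (state >> 5)) & 0xFF   # rotate left by 3 bits
        state ^= b
    return hashlib.sha256(bytes([state]) + message[::-1]).digest()[:8]


def keyed_tag(key: bytes, message: bytes) -> bytes:
    """Design B, security by design: HMAC-SHA256. Algorithm public, key secret."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verifier_accepts_a(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(obscure_tag(message), tag)


def verifier_accepts_b(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(SERVER_KEY, message), tag)


def survives_disclosure_a(message: bytes) -> bool:
    """Reviewer has Design A's source. If they can make the verifier accept a tag
    for a message of their choosing without any secret, the design fails."""
    reviewer_tag = obscure_tag(message)        # everything needed is in the code
    return not verifier_accepts_a(message, reviewer_tag)


def survives_disclosure_b(message: bytes) -> bool:
    """Reviewer has Design B's source but not SERVER_KEY. Their best effort is a
    tag under a key they made up, which the verifier should reject."""
    reviewer_tag = keyed_tag(secrets.token_bytes(32), message)
    return not verifier_accepts_b(message, reviewer_tag)


if __name__ == "__main__":
    msg = b"role=user;id=42"   # constructed sample message
    print("Design A survives disclosure:", survives_disclosure_a(msg))   # False
    print("Design B survives disclosure:", survives_disclosure_b(msg))   # True
```

Publishing Design B's code costs nothing, which is exactly the property the article asks for; publishing Design A's code is the same as publishing its secret.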
Open Security
In order to ensure security by design it's common to publish the details of security designs, standards and algorithms. This process of peer and public review hardens security.
Open Source vs. Proprietary Source
Open source software has to be secure by design because the world can see its code. It's thought that proprietary software tends to be less secure because engineers are tempted to resort to security through obscurity.