Friday, May 12, 2006


I love it when someone attacks infosec absolute truths! Roger Grimes did that in this article at InfoWorld. I like the part where he comments on security through obscurity:

"The myth would have you believe that security by obscurity has no value and any scheme using it should be immediately discounted. But the fact of the matter is that security by obscurity works, and works well. It is among the least expensive security defenses you can employ. It should be considered a part of anyone’s defense-in-depth plan."

The bold is mine. It's very important to make clear that security through obscurity is not enough on its own, but it can be very valuable in a defense-in-depth strategy. Grimes himself gives a very good example in the article.

