From Security to Obscurity

Some people believe security through obscurity is not good security. Let's agree to disagree. A criminal scanning the neighbourhood will be deterred by the sign of a home security system or a gently barking dog. What if the home looks like a haunted house or an abandoned prison closed due to lack of budget. A hacker will rather go for a low hanging fruit like a deliciously tempting anonymous FTP access open on port 21. 





Here are 5 simple ideas to fade away from visibility to obscurity.

1. Change default port numbers for e.g the top 10 Nmap ports like ftp, ssh, telnet, smtp etc. If at all you need these ports open run the services on a different port number from the one it normally uses.

2. Change your web server header information to provide a nondescript response when probed. Many tools tune their attacks to target the version and type of server that is being displayed. Responding with a non sequitur like Mainframe rocks, when you are serving Apache on Linux.

3. Specify which user Agents are acceptable and which are just bad news. An attackers may use Acunetix, Nikto or Nessus for the initial scan. Filtering out these strings will offload some heavy traffic out of the highway.

4. Go creative with DNS entries that do not exist. Attackers probing through your zone files will spend time scanning these sites. Meanwhile your team can study the sources of these requests and learn more about modus operandi of intruders.

5. Change default SNMP strings into something obscure and block SNMP information from being passed out of the firewalls.

While these are some general guidelines, you may want to scan your assets periodically for your information disclosures. If there is no need, there is no need to know. Fly under the hackers radar, dodging a bullet is as important a buying a bullet proof jacket aka new shiny tool. Know where your assets are, remember simple is secure. We still need to close unused ports and still need to perform regular patching and assessments. In the meanwhile, obscure, obfuscate, observe! Security through Obscurity - Good thing or Bad thing?