Security through obscurity relies on secrecy and obfuscation to protect systems and information, but it can create vulnerabilities. Methods include data masking, obfuscated code, and proprietary techniques. It should be used in conjunction with other security measures, and transparent security is also valuable.
Security through obscurity is a philosophy that treats obfuscation and secrecy as the primary means of ensuring system or information security. The basic assumption is that if only a few trusted people understand how a security system works, the system is usually secure. Some commonly used methods of security through obscurity include encrypting data or creating proprietary information through copyright protection. Some experts suggest, however, that this method is simply an illusion and could actually make computer programs and systems more vulnerable to hackers.
The basic principle of security through obscurity is quite simple: if data is kept secret, no one outside the circle of secrecy can find it. Somewhat like hiding money under a mattress, this concept works well as long as no untrustworthy person knows the money is in the mattress. Using techniques that obfuscate data, or that allow only authorized individuals access to encryption or security algorithms, can help keep that knowledge from being made public and therefore subject to defeat.
Some of the methods used for security through obscurity include data masking. For example, if a file is named “corporate passwords”, it is an easy target for attack. Changing filenames to harmless or coded terms can add a small measure of security. Similar methods may include the use of obfuscated code, which masks protected information by encoding it in an unusual format. Another common method is hiding the fact that a computer or server even exists and allowing only designated users to access it. Since the existence of the computer is unknown, it is generally hoped that a hacker will not know to look for it.
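The renamed files and unusual encodings described above can be checked from the defender's side. The following is an added example, not code from the original article: a small audit that ignores filenames and tests whether a file's content exposes a credential after one keyless decoding step. The credential pattern, filenames and values are all constructed for illustration.

```python
import base64
import codecs
import hashlib
import re

# Constructed pattern for text that looks like a stored credential.
CRED = re.compile(r"(?i)\b(password|passwd|secret|api[_-]?key)\b\s*[:=]\s*\S+")

# Keyless encodings: anyone can reverse them, so they hide data but do not protect it.
DECODERS = {
    "plain": lambda s: s,
    "base64": lambda s: base64.b64decode(s, validate=True).decode("utf-8"),
    "hex": lambda s: bytes.fromhex(s).decode("utf-8"),
    "rot13": lambda s: codecs.decode(s, "rot_13"),
}

def audit(files):
    """Map each exposed filename to the encoding that revealed a credential.
    Filenames are ignored on purpose: a harmless name is not a control."""
    findings = {}
    for name, content in files.items():
        for label, decode in DECODERS.items():
            try:
                candidate = decode(content.strip())
            except ValueError:  # covers binascii.Error and UnicodeDecodeError
                continue
            if CRED.search(candidate):
                findings[name] = label
                break
    return findings

def sample_files():
    """Constructed sample data; names and values are invented for this example."""
    return {
        "notes_2019.txt": "password = hunter2",
        "tmp_cache.dat": base64.b64encode(b"api_key: abc123").decode(),
        "printer_driver.cfg": b"passwd: letmein".hex(),
        "holiday_photos.bin": codecs.encode("secret=open-sesame", "rot_13"),
        "readme.txt": "Quarterly report draft",
        # PBKDF2 output: one-way, so no keyless decoding recovers the passphrase.
        "vault.rec": hashlib.pbkdf2_hmac(
            "sha256", b"constructed passphrase", b"constructed-salt", 100_000).hex(),
    }

if __name__ == "__main__":
    for name, how in audit(sample_files()).items():
        print(f"{name}: credential readable via {how}")
```

Every file that relies only on a harmless name or a reversible encoding is reported, while the record derived with a salted one-way function is not.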
Proprietary techniques are a common means of protecting software and operating systems through obscurity. By legally and practically limiting access to program data to designated individuals, some software developers hope to deter hackers and scare away anyone attempting to expose security information. In some cases, a user can legitimately discover a security flaw and ask the company to provide a patch, only to receive threats of lawsuits should they expose the flaw to the public. In this way, a developer may be able to prevent the spread of knowledge about security holes, thus providing some means of protection. Workers entrusted with security information may also be required to sign non-disclosure agreements, which can legally prohibit them from releasing that information even after they leave the job.
While security through obscurity can be useful as part of an overall security system, by itself it can lead to vulnerabilities. Basic obscurity methods, such as protecting files and usernames, work best in conjunction with methods such as password protection and strong firewalls. Some computer experts also tout the value of transparent security, suggesting that a strong security system that is completely open to users means that weaknesses will be quickly detected and fixed.