From: Shain Singh (shain.singh@aapt.com.au)
Date: Tue Jun 06 2006 - 00:01:00 EDT
> I beg to differ with you -- running a standard service on a
> non-standard
> port is a bid for security through obscurity.
I tend to agree with Phil on this one. Already been mentioned a few times
but security through obscurity is fine as long as it is not the sole method
of defense.
For those interested, a draft document from Peter Swire is a great read on
this topic, entitled: "What Should be Hidden and Open in Computer Security:
Lessons from Deception, the Art of War, Law, and Economic Theory"
http://arxiv.org/abs/cs.CR/0109089
-- Shaineel Singh MakePeace Media LTD http://mpm.org.au/shsingh pgp id: 0xA9D8D351 fp: 38 0D A8 C8 74 A2 33 5E CE 0E 5A FA D5 A0 04 7C This message was written entirely with recycled electrons. ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@cenzic.com for details. ------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:02 EDT