Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Security through obscurity
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Obscurity in architecture vs. technique == Knowledge of how the system is built differs from concealment and [[camouflage]]. The effectiveness of obscurity in [[operations security]] depends on whether the obscurity lives on top of other good security practices, or if it is being used alone.<ref>{{Cite news|url=https://danielmiessler.com/study/security-by-obscurity/|title=Obscurity is a Valid Security Layer - Daniel Miessler|work=Daniel Miessler|access-date=2018-06-20|language=en-US|archive-date=2022-12-08|archive-url=https://web.archive.org/web/20221208063348/https://danielmiessler.com/study/security-by-obscurity/|url-status=live}}</ref> When used as an independent layer, obscurity is considered a valid security tool.<ref>{{Cite web|url=https://www.csiac.org/journal-article/cyber-deception/|title=Cyber Deception {{!}} CSIAC|website=www.csiac.org|language=en-US|access-date=2018-06-20|archive-date=2021-04-20|archive-url=https://web.archive.org/web/20210420102103/https://www.csiac.org/journal-article/cyber-deception/|url-status=live}}</ref> In recent years, more advanced versions of "security through obscurity" have gained support as a methodology in [[cybersecurity]] through Moving Target Defense and [[Deception technology|cyber deception]].<ref>{{Cite news|url=https://www.dhs.gov/science-and-technology/csd-mtd|title=CSD-MTD|date=2013-06-25|work=Department of Homeland Security|access-date=2018-06-20|language=en|archive-date=2022-12-08|archive-url=https://web.archive.org/web/20221208063349/https://www.dhs.gov/science-and-technology/csd-mtd|url-status=live}}</ref> NIST's cyber resiliency framework, 800-160 Volume 2, recommends the usage of security through obscurity as a complementary part of a resilient and secure computing environment.<ref>{{Cite report |url=https://csrc.nist.gov/pubs/sp/800/160/v2/ipd |title=Systems Security Engineering: Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems |last=Ross |first=Ron |last2=Graubart |first2=Richard |date=2018-03-21 |publisher=National Institute of Standards and Technology |issue=NIST Special Publication (SP) 800-160 Vol. 2 (Withdrawn) |language=en |last3=Bodeau |first3=Deborah |last4=McQuaid |first4=Rosalie |access-date=2024-04-05 |archive-date=2023-12-06 |archive-url=https://web.archive.org/web/20231206132437/https://csrc.nist.gov/pubs/sp/800/160/v2/ipd |url-status=live }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)