August 23, 2005 at 10:16 pm
I wrote awhile back about security through chaos and it provoked some interesting responses. While I'm not sure I'd recommend it for every company, in some places it makes sense. Then I saw this Info World article on Security by Obscurity and it reminded me of what I'd written.
The article basically talks about some basic things you can do that don't seem like much, but they obscure things and ensure that nothing is as it would be expected. One simple thing they talk about is not installing to the default locations. Doesn't sound like it would help much and there are always ways to read the registry or use environmental variables to find installations.
However it does work. How many pieces of software, including some SQL Server Service Packs, expect things to be installed in c:? How often have you been bitten by a "bug" in some software because you'd renamed or moved something?
Computer software depends on patterns in many cases to work. And we all use patterns to shorten development time. We reuse code, we cut and past way too much, and we often forget to make simple checks for things being moved around.
And the same goes for virus and worm writers. The people who develop the technology might not be fooled, but so many script kiddies that use kits of modify some piece of code aren't as savvy and don't necessarily make these checks. I know that the administrator account has a particular SID that you can scan for, but I'd be willing to bet that most people would write a worm looking for "administrator". Just think how much less of a problem SQL Slammer would have been if most people had moved SQL Server to some non-default port.
Simple obfuscating changes aren't the answer to security issues, but they provide another layer of protection.
Steve Jones
August 25, 2005 at 9:01 am
When setting up a customer's site that requires external terminal server access with a minimum of fuss, we have their simple ADSL/Cable router+firewall forward 3390 externally to 3389 internally. The functionality is still there (connect to myserver.com:3390 rather than myserver.com) but the casual observer wouldn't know it existed.
VPN would be more secure, but the obscurity of a port number change seems to have been sufficient.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply