Summary:

The only thing worse than a lack of security is the illusion of security. All too often, individuals who have no idea of what constitutes sound security practices believe that obscurity is the only cost-effective security solution. Unfortunately, these same people are usually in a position to determine IT security operations. As a consequence, the notion of security through obscurity flourishes while meaningful security practices die on the vine.

The hazards of this reality are incalculable. Thus, it is vital for all concerned that these popular misconceptions regarding the notion of security through obscurity be examined, refuted and abandoned.

This paper was presented at ToorCon III.

This presentation is available in three different formats:

• Online Web Document (HTML) (22 slides)
• Portable Document Format (PDF) (507K)
• PowerPoint Presentation (PPT) (629K)

Related Topics:

See also: The Myth of Cyber-Terrorism