Why Security Through Obscurity Isn't
The only thing worse than a lack of security is the illusion of security. All too often,
individuals who have no idea of what constitutes sound security practices believe that obscurity is the only
cost-effective security solution. Unfortunately, these same people are usually in a position to determine
IT security operations. As a consequence, the notion of security through obscurity flourishes
while meaningful security practices die on the vine.
The hazards of this reality are incalculable. Thus, it is vital for all concerned that these
popular misconceptions regarding the notion of security through obscurity be examined, refuted and abandoned.
This paper was presented at ToorCon III.
This presentation is available in three different formats:
See also: The Myth of Cyber-Terrorism