However, even small companies cannot expect to avoid expert hacking attempts.Ī small, obscure network is what many of these hackers seek. The more active your company is in politics and the more money you make, the bigger a target any software you use for hacking will be. Putting aside white hat hackers, who do not mean your system harm, hackers may attack your system for profit, political activism, malicious fun, curiosity, or to challenge themselves. Expert hackers come in many forms and with a vast array of potential motivations. The realm of expert hackers is one of the more varied of modern subcultures. The ways obscurity fails in defense include: You Cannot Predict Expert Hackers It can only be used to supplement a broader, deeper security strategy. Where Obscurity Failsĭespite the above, it must be emphasized that obscurity alone is not a valid form of defense. This is good news because entry-level players like this make up the majority of most fields, hacking included. Generally, neither of these groups has the necessary skillset and tools to discover new exploits. However, newcomers like this usually lack the talent to discover new exploits unless they are very dedicated or the exploit is very easy to discover. Then, with only a basic understanding of how these things work, they begin to try and identify easy targets, usually for either fun or profit.Ī novice hacker is slightly more advanced, representing an individual who has a deeper understanding of how hacking works. This is an individual who downloads or buys pre-made software and tools created by experts. The bulk of malicious hack attempts come from two groups: script kiddies and hacking novices.Ī "script kiddie" is a hacker who barely qualifies as such. Script Kiddies and Novices Make For Bad PioneersĪnother element in the favor of obscurity is the fact most hackers lack the technical know-how to investigate your code, even if they wanted to. Even then, most malicious hackers do not dedicate that level of time and effort to a given hacking attempt. Only if that also fails would most hackers begin to seek out unique, undiscovered exploits. In essence, they now ask Does the internet have what I need? First, a hacker might research known exploits and relevant tools that can better infiltrate the system. If the answer is no, then a hacker may dig further. In a way, these early steps answer a simple but critical question: Can I get in with what I presently have? The Benefits of ObscurityĪ few benefits of obscurity when it comes to security include: Hackers Begin With What They KnowĪlmost any attempt to hack a system, whether it is malicious or a white hat test, begins with the hacker using known exploits and familiar tools to test the boundaries of a system. We can (and will) argue that it is over-relied upon but it can play a small role in a broader security strategy. There are significant problems with this line of thinking which we will discuss later but the principle is not totally without merit. If an attacker, and the designer of their tools, is unaware of a vulnerability, it does not factor into their attack, no matter how glaring the flaw may seem to those who know about it. This may be a simple idea but it's also true. Hence the term "security through obscurity." We begin by discussing the core concept upon which security through obscurity is based: an attacker cannot exploit a vulnerability they know nothing about. Today we want to discuss the specifics of security through obscurity, what it is, and what it isn't, in the hopes of helping readers learn the specifics of this particular software topic. That said, there is at least an argument that obscurity has a place in security engineering. This is not without reason either hiding security flaws does not mean they cease to exist. In the world of software, security through obscurity (also called security by obscurity) is often derided as bad design.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |