Security through obscurity definition
Security through obscurity refers to the practice of securing systems by making the system or its underlying implementation hidden. The idea is that if the details are not publicly known, then it will be more difficult for potential attackers to identify and exploit vulnerabilities. However, this concept is highly criticized and generally not recommended as a primary security strategy.
See also: information security policy, data custodian, dictionary attack
Drawbacks of security through obscurity
- 1.False sense of security. It tends to give a flawed idea that the obscurity will not be breached. But if the system is uncovered, it often reveals a wide array of vulnerabilities due to lack of other security measures.
- 2.Lack of peer review. When security methods are obscured, they can’t undergo proper review that well-known security algorithms do. Hiding your system makes uncovering vulnerabilities harder.
- 3.Increased complexity. Obscure systems are more difficult to manage and maintain because they are not standardized. Not only they might need custom solutions, but also fixing problems can be challenging without the properly trained staff.
- 4.Poor scalability. Systems that rely on obscurity can be difficult to scale. As they grow, it’s harder to keep the system design and its inner workings a secret.
- 5.Inefficiency. Eventually, issues are discovered but solving it may be slower and more complex because you can't rely on existing solutions or the larger community to help resolve it.