What would your idea be of the perfect, most secure place to store something? Not thinking electronically: if you had a prized possession…or a family heirloom, where would you keep it? Perhaps in an iron safe, locked with many advanced locks, guarded by a 24-hour watch team, and lasers…and all the other spy stuff you see in the movies? But what have we learned from the movies about keeping your family diamond locked up and hidden? As soon as the other guys who want that jewel learn of its existence and its value to them, they immediately begin to devise a plan to infiltrate, bypass, and ultimately steal it.
This month’s article speaks briefly on the greatest security of all – the security through what we in the industry call obscurity (obscure – (n.) invisible or unclear). The greatest asset one can have on their side is keeping prying eyes unaware of the secret, or asset. If a computer hacker wanted to target someone across a large WAN, such as the internet, he/she would be faced with the decision of choosing from millions upon millions of targets. Who should he/she choose to target? There are an estimated 4.2 billion available addresses on the internet today (IPv6 is beyond the scope of this article). Why should hacker Joe attack your computer network, when there are literally millions exactly like it? In today’s world, this is in itself something of a false security. But it is the security that many companies rely on.
Recently, our staff at Half Hack came across some concept code, submitted by an anonymous source, detailing how to exploit the most recent versions of OpenSSH. This is obvious proof that even the most secure of systems have holes. Every “Gibzon” can be “hax0red”; it’s only a matter of drive.
This month, we would like to challenge your mindset on your security, or the security you manage for others. Are you setting yourself up for well-gated, layered security in your home or business, or are you, bluntly put, relying on the forethought of vendors and programmers (Cisco, Linksys, and other firewall/router/IDS vendors)? In today’s world…we are as secure as we are told. The truth is that we ride heavily on obscurity until someone finds us and decides that what we have is worth taking.