Description
1)Assignment - What is security through obscurity and why is it bad?
Please discuss.
Security through obscurity can be said to be bad because it often implies that the obscurity is being used as the principal means of security. Obscurity is fine until it is discovered, but once someone has worked out your particular obscurity, then your system is vulnerable again.
You must do the following:
Create a new thread. As indicated above, please explain security through obscurity and why is it bad with examples.
2)Read the mini case, Building Shared Services at RR Communications (pp. 156-159).
Submit a Word document with the following:
- Complies with the APA and writing standards for this course
- Has a SafeAssign score of less than 25%. You may submit your assignment multiple times to check the SafeAssign score. Only the final submission will be graded. Final submissions with a SafeAssign score of 25% or higher will not be graded.
- Has three scholarly sources, not including our textbook.
- Answer question two and five on page 159. Your answer to each question should be about two pages long.
Explanation & Answer
Hey, Spoorthy. Kindly check the answer for the first task. Thanks.
Running head: SECURITY THROUGH OBSCURITY AND WHY IS IT BAD
Security through Obscurity and Why It Is a Bad Idea
Student’s Name
Institutional Affiliation
SECURITY THROUGH OBSCURITY AND WHY IS IT BAD
Introduction
Security through obscurity basically relies heavily on resilience engineering security
designs which are designed in a manner that its secrecy is what is given the dominance and main
technique of security against any intruder for the systems. Security with obscurity should
however not work in solitary, it should have other protection backups to ensure maximum
security. Security is widely used throughout the world, for instance, obscuring valuable in a car
in given populated places. Security through obscurity is rational as to why people don’t leave
their valuables visible in a well-populated area (David, 2017). Another instance is the case for
technology whereby certain files may be hidden or obscured to limit access from other people
who may be of a threat to such information.
Why Is Security through Obscurity a Bad Idea with Examples?
Security through obscurity heavily relies and depends on the secrecy of the development
and setting up of the systems and the entire components that make up the system in a bid to keep
it safe and secure. Basically, security with obscurity is meant to protect information that can be
used or maximized by an enemy to pose a security threat to any given system (Daniel, 2019).
Security through obscurity based on the secrecy makes it a weak security control and is always
destined to fails when it is the only control technique that the system depends on, this is because
when a strategy is based on high secrecy it limits the input from other stakeholders or technicians
who may identify a gap in the system so as to help improve on it. Another aspect is when there is
high secrecy on access controls on certain systems it may be difficult to hold individuals
responsible for illegal intrusion into systems when it does not have any other mechanism or
overlay to enhance security on the system further. This does not imply that maintaining secrecy
is a bad idea, but rather the design or logic of the security control should be anchored on open
SECURITY THROUGH OBSCURITY AND WHY IS IT BAD
and known principles. This makes the security through obscurity a bad idea since it may be
exposed to tamper by those who have command or control access into systems as there are no
other checks and balances to ensure that the systems remain tamperproof.
Some persons or organizations hide their systems cryptographic algorithms, but this
is viewed quite dangerous technique since such algorithms haven't been undertaken through the
in-depth evaluation, analysis, and scrutiny which would provide an overview of how it operates,
their shortcomings and the necessary security overlays which may be important to add in their
cryptographic algorithms to systems. Capabilities of the attackers and due to limited budget
overlook additional security mechanisms which would otherwise be of great impact to the
system security assurance. The limitation in terms of budget and competent staff makes such
individuals or organizations overlook the security scrutiny of such algorithm patterns as they feel
it will make the organizations incur an additional cost which they can save by just maintaining
secrecy on the design and patterns of the cryptographic algorithm systems. ...