Security Through Obscurity (STO)
What is security through obscurity?
Security through obscurity (STO) is hiding, masking, or concealing parts of a system to enhance its security. By itself this does not increase the security level, but it can be an effective method in combination with a layered security defense. It complements the overall security efforts, but on its own it should not be considered a real security measure.
Another part of security through obscurity is the principle of hiding in plain sight. For example, a password could be hidden in a creative way inside a cooking recipe.
Linux examples of security through obscurity
Let’s have a look at some examples on Linux.
Replace application name
If you are running nginx, you could decide to report Apache in the HTTP Server header. This may cause automated scanners that are looking for nginx to ignore your system. An attacker might also be confused by it.
Change port number
A good example of changing the port number is moving the SSH server to another port. It may reduce automated scans and brute-force authentication attempts, and decrease the number of log entries.
Adding extra (fake) ports to the system
Most hardened systems run a minimum of services, so the number of open ports is often limited to just a few. To hide the real services in plain sight, one could add additional ports to the system, running a fake service or even a honeypot. Actions against these ports or the honeypot may be logged and used as a warning signal, a bit like the canary in the coal mine, to discover problems early.
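As an added example (not code from the original article), a minimal canary listener in Python: it accepts connections on a decoy port that offers no real service, records each connection as a warning, and closes it. The decoy port 2222 and the alert record format are assumptions chosen for the example.

```python
"""Canary port: a fake listener whose only job is to log who connects."""
import logging
import socket
import threading
from datetime import datetime, timezone

logging.basicConfig(level=logging.WARNING, format="%(message)s")
log = logging.getLogger("canary")


def make_alert(peer_ip, peer_port, canary_port, when=None):
    """Build the warning record for one connection attempt.
    Nothing legitimate ever talks to a canary port, so every
    connection is an alert, not a debug line."""
    when = when or datetime.now(timezone.utc).isoformat(timespec="seconds")
    return {"time": when, "event": "canary_touch",
            "src": f"{peer_ip}:{peer_port}", "canary_port": canary_port,
            "severity": "warning"}


def listen_on(bind_host, port):
    """Open a listening TCP socket; port 0 picks a free port (for testing)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_host, port))
    srv.listen(5)
    return srv


def serve_canary(srv, alerts, max_hits=None):
    """Accept connections, log each one, close immediately (no banner,
    no protocol). alerts collects the records; max_hits=None runs forever."""
    canary_port = srv.getsockname()[1]
    hits = 0
    with srv:
        while max_hits is None or hits < max_hits:
            conn, (peer_ip, peer_port) = srv.accept()
            with conn:
                alert = make_alert(peer_ip, peer_port, canary_port)
                alerts.append(alert)
                log.warning("%s", alert)
            hits += 1
    return alerts


def self_test():
    """Check the canary fires: run it on a loopback port and touch it once."""
    srv = listen_on("127.0.0.1", 0)
    port = srv.getsockname()[1]
    alerts = []
    worker = threading.Thread(target=serve_canary, args=(srv, alerts, 1))
    worker.start()
    with socket.create_connection(("127.0.0.1", port), timeout=5):
        pass  # connect and disconnect, like a port scan would
    worker.join(timeout=5)
    return alerts


if __name__ == "__main__":
    # Assumed deployment: decoy port 2222 next to a relocated SSH port.
    serve_canary(listen_on("0.0.0.0", 2222), [])
```

Forward the warning records to your central log or SIEM; a single hit on the decoy port is a higher-confidence signal than hundreds of failed logins on the real service.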