
Security Through Obscurity (STO)

What is security through obscurity?

Security through obscurity (STO) is hiding, masking, or concealing parts of a system in the hope of making it harder to attack. By itself this does not raise the security level: a secret that an attacker can discover by probing is not a control. It can be a useful addition to a layered defense, so it complements the overall security effort, but on its own it is not to be considered a real security measure.

Another aspect of security through obscurity is the principle of hiding in plain sight. For example, a password can be hidden in a creative way inside a cooking recipe.

Linux examples of security through obscurity

Let’s have a look at some examples on Linux.

Replace application name

If you are running nginx, you could decide to announce Apache in the Server HTTP response header. This may cause automated scanners that are looking for nginx to ignore your system, and it may confuse an attacker. Note that stock nginx can only strip the version number (server_tokens off); replacing the product name requires a module such as ngx_headers_more. The header is also just one of several fingerprints, so service detection in a scanner like nmap may still recognize nginx from its other behavior.
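As an added example (not from the original article): an nginx drop-in that hides the version and, where the ngx_headers_more module is available, renames the product, plus a small shell helper to read the Server header back from a response head. The file path, the presence of the module and the sample responses are assumptions; the responses are constructed, not captured from a real server.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Assumes nginx with the ngx_headers_more module (more_set_headers); stock
# nginx can only drop the version with server_tokens, not rename the product.
set -eu

# Write a drop-in for the nginx http {} context (path given by the caller,
# e.g. /etc/nginx/conf.d/obscure-server.conf; an assumption).
write_nginx_snippet() {
  cat > "$1" <<'EOF'
# Stock nginx: strips the version, the header becomes "Server: nginx"
server_tokens off;
# Needs ngx_headers_more: replaces the product name entirely
more_set_headers "Server: Apache";
EOF
}

# Print the value of the Server header from an HTTP response head
# (as returned by curl -sI); prints nothing if the header is absent.
server_header() {
  printf '%s\n' "$1" | tr -d '\r' |
    awk 'tolower($1) == "server:" { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Constructed sample responses, before and after the change (not captured)
before='HTTP/1.1 200 OK
Server: nginx/1.24.0
Content-Type: text/html'

after='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

# Usage on a live host:  server_header "$(curl -sI https://example.org/)"
```

Run the check from a host other than the server, so the answer reflects what a scanner would see; an unchanged value after a reload usually means the module is not compiled in.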

Change port number

A good example of changing the port number is moving the SSH server to a port other than 22. It does not stop a targeted attacker, who will find the new port with a port scan, but it reduces the noise from automated scans and brute-force authentication attempts, and with that the number of log entries.
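The port change described above, as an added example that is not from the original article: a helper that lists the Port directives in a sshd_config, and a function that moves sshd to a new port while keeping the current session usable. Port 2222, ufw and SELinux's semanage are assumptions that only apply where those tools are in use; distributions that socket-activate ssh (systemd ssh.socket) take the port from the socket unit instead, which this example does not cover.

```shell
#!/bin/sh
# Added example, not part of the original article. Moves sshd to another port
# on a systemd-based host. 2222, ufw and semanage are assumptions: adjust to
# the firewall and MAC system actually in use.
set -eu

# Print every Port directive in a sshd_config, in file order. sshd keywords
# are case-insensitive and several Port lines are allowed; comments and
# blank lines are skipped.
configured_ports() {
  awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Switch sshd to $1 while keeping port 22 open, so the change can be
# verified from a second session before 22 is finally removed.
move_ssh_port() {
  new="$1"
  conf=/etc/ssh/sshd_config
  # No explicit Port means the implicit default 22; make it explicit so
  # adding the new port does not silently replace it.
  [ -n "$(configured_ports "$conf")" ] || echo 'Port 22' >> "$conf"
  configured_ports "$conf" | grep -qx "$new" || echo "Port $new" >> "$conf"
  sshd -t                                      # syntax check before restart
  if command -v semanage >/dev/null 2>&1; then # SELinux: allow sshd to bind
    semanage port -a -t ssh_port_t -p tcp "$new" || semanage port -m -t ssh_port_t -p tcp "$new"
  fi
  if command -v ufw >/dev/null 2>&1; then      # host firewall
    ufw allow "$new/tcp"
  fi
  systemctl restart sshd 2>/dev/null || systemctl restart ssh
  # Confirm the listener; only then test a login and remove the Port 22 line.
  ss -tln | grep -q ":$new " || { echo "sshd is not listening on $new" >&2; return 1; }
}
```

Keep the old session open until a login over the new port has succeeded; the single most common outcome of this change is a lock-out caused by a firewall or SELinux rule that was forgotten.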

Adding extra (fake) ports to the system

Most hardened systems run a minimum of services, so the number of open ports is usually limited to just a few. To hide the real services in plain sight, one could open additional ports on the system that run a fake service, or even a honeypot. No legitimate client has a reason to connect to these, so any action against these ports or the honeypot can be logged and used as a warning signal. A bit like the canary in the coal mine, to discover problems early.
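An added example (not from the original article) of a decoy port and the check that turns contacts with it into an alert. It assumes socat and logger are installed, uses the arbitrary port 2323 and the syslog tag "decoy", and runs the alert check over constructed log lines rather than real traffic.

```shell
#!/bin/sh
# Added example, not part of the original article. A decoy listener on an
# unused port plus an alerting check over its log lines. Assumes socat and
# logger are installed; port 2323 and the "decoy" tag are arbitrary choices.
set -eu

# Start a decoy that never answers, it only records who connected.
# SOCAT_PEERADDR is set by socat in the environment of the child process.
start_decoy() {
  port="${1:-2323}"
  socat TCP-LISTEN:"$port",fork,reuseaddr \
    SYSTEM:'logger -t decoy "connect from $SOCAT_PEERADDR to port '"$port"'"' &
}

# Anything touching the decoy is suspicious: no legitimate client knows it
# exists. Count connects per source address in syslog-style lines and print
# one alert per source that reached the threshold (default: a single hit).
decoy_alerts() {
  threshold="${2:-1}"
  grep 'decoy\[' "$1" | awk -v t="$threshold" '
    match($0, /connect from [0-9a-fA-F.:]+/) {
      src = substr($0, RSTART + 13, RLENGTH - 13)
      hits[src]++
    }
    END {
      for (s in hits)
        if (hits[s] >= t)
          printf "ALERT decoy contact from %s (%d connects)\n", s, hits[s]
    }' | sort
}

# Constructed sample log lines (not real traffic), in syslog format
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Jan 10 10:00:01 host sshd[811]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2
Jan 10 10:00:05 host decoy[1201]: connect from 198.51.100.7 to port 2323
Jan 10 10:00:06 host decoy[1202]: connect from 198.51.100.7 to port 2323
Jan 10 10:00:09 host decoy[1203]: connect from 203.0.113.4 to port 2323
EOF

# Usage on a live host:  start_decoy 2323; later: decoy_alerts /var/log/syslog 1
```

Because the decoy port is not used by anything real, the threshold can stay at one: a single connect is already a stronger signal than many failed logins on the real SSH port, where scanners produce a constant background.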


This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.
