Jesper's Blog

Obligatory file photo:

Welcome to Jesper Johansson's blog. This is my home for pontification on the web. In case this is your first time here, I have been working on information security for about 20 years, and have been writing and speaking on the topic for about 10. I am also a Microsoft MVP in Windows Security.
My most recent book is the Windows Server 2008 Security Resource Kit . Because I am also a scuba instructor you may find some posts related to that topic as well. Just because it took me so long to get it, I also like to say that I have a Ph.D. in Management Information Systems from the University of Minnesota.

Thoughts on Security by Obscurity

This has not really been that normal a week for me, but at least another article made it into print. The June 2008 issue of TechNet Magazine is headlined by an article I wrote with my friend Roger Grimes, Security Adviser for Infoworld, on Security by Obscurity. It is another one of those point-counterpoint pieces like we did in the Vista Security book where Roger argues one side of the issue, and I explain why he is wrong; or, rather, argue the other.

Published 13 May 2008 10:46 AM by jesper

Filed under: Security Pontification, Thinking differently

Comments

# Victor Constanstinescu - MVP said on 18 May, 2008 01:34 AM

Not sure why the talkback didn't work. Here it is: victor-youngun.blogspot.com/.../great-debate-security-by-obscurity.html

# markk02474@gmail.com said on 12 June, 2008 09:21 PM

Perhaps you can make Vista Firewall/NLA/RAS interactions less obscure? You gave a sample rule for VPN connections: netsh advfirewall firewall add rule name="Allow CIFS on VPN interfaces" dir=out action=allow enable=yes profile=public localIP=any remoteIP=any remoteport=445 protocol=TCP interfacetype=RAS

Now, if I use such rules on 5,000 user machines needing VPN access, won't DSL (PPPoE), and dialup connections also be considered RAS connections and match? Some number of users will be exposed using their home connections, right?

Network Awareness is poorly documented. What's the algorithm? Its triggered when an interface comes up and uses DHCP and gateway mac address info, but will it be triggered when I use a 3rd party VPN client shim driver to connect? Will it notice the routing change and new default gateway?

I learned security through obscurity when I used the ITS operating system - some things haven't changed!

# markk02474@gmail.com said on 16 June, 2008 11:45 AM

Microsoft's security by obscurity:

"The API utilized to register a firewall with the WSC can be obtained by contacting Microsoft at wscisv@microsoft.com. A Non-Disclosure Agreement (NDA) is required for the disclosure of this API due to security concerns."

msdn.microsoft.com/.../bb190942(VS.85).aspx

Title (required)
Name: (required)
Website: (optional)
Comments (required)
Remember Me?

Search

This Blog

Home

Community

Syndication

News

The Windows Server 2008 Security Resource Kit is available!
. You can also order it as part of the whole Windows Server 2008 Resource Kit and save some money.
Or, if you need to know about Vista instead, there is:

If you need a more general approach to help you Protect Your Windows Network, there is a book for that too

There is now a mobile version of the blog.

All postings are copyright Jesper M. Johansson, in the year they were made. These postings are provided "AS IS" with no warranties, and confer no rights. All postings are the sole opinions of Jesper M. Johansson and do not reflect any official opinion of anyone else with whom the poster is affiliated or has been affiliated in the past. Use of included code samples is permitted for non-commercial use, with no warranties of fitness express or implied. All use of any information or code snippets posted in this blog at the user's sole risk. The blog site would like to thank www.ownwebnow.com and www.exchangedefender.com for their support.

Powered by Community Server (Commercial Edition), by Telligent Systems

Jesper's Blog

Thoughts on Security by Obscurity

Comments

Leave a Comment

Search

This Blog

Tags

Community

Archives

Links

Syndication

News