Re: [fw-wiz] DNS Names for external services



I have to agree with the view that obfuscation/obscurity is not the
way to go. It increases the difficulty of use and, in this case,
provides very little benefit.

See
"Why Security-Through-Obscurity Won't Work"
(http://slashdot.org/features/980720/0819202.shtml)
"What is "security through obscurity""
(http://users.softlab.ntua.gr/~taver/security/secur3.html)

For a wider discussion see
"Secrecy, Security, and Obscurity"
(http://www.schneier.com/crypto-gram-0205.html)




On 13 April 2010 21:22, Jim Seymour <jseymour@xxxxxxxxxxx> wrote:
From: "Behm, Jeff" <jbehm@xxxxxxxxxxxx>
To: Firewall Wizards Security Mailing List
      <firewall-wizards@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 13 Apr 2010 11:16:06 -0500
Subject: [fw-wiz] DNS Names for external services

Just curious, what is your opinions of the security vs. ease of use
trade-offs on putting DNS entries in (vs. making people know/use an
IP address) for services you expose to the Internet.
[snip]

I believe there's nothing significant to be gained by such
obfuscation.

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards