samba hide shares

Levi Pearson levipearson at gmail.com
Mon Sep 13 20:27:54 MDT 2010


On Mon, Sep 13, 2010 at 7:44 PM, Von Fugal <von at fugal.net> wrote:
> <quote name="Merrill Oveson" date="Mon, 13 Sep 2010 at 11:50 -0600">
>> yeah, they can't get in - that is if they click on it, they're
>> prompted for user name and password.
>>
>> I believe the first rule of security is "Don't show the thief where
>> the doors are."
>
> That is a disastrous policy. "Security by obscurity" it is often called,
> and it's almost a derogatory term. If you want to add obscurity as one
> final layer on top of a well thought out and implemented security
> strategy, then go for it, but to call it the first rule is just folly.

A quick Google search shows that there's a different "first rule of
security" for everyone that mentions it.  The truth is, "security" is
not objectively defined, and there are no fixed rules and certainly no
fixed order for them, so "first rule of security" is an empty
rhetorical device to introduce an author's particular security plan.
Criticizing any mention of a "first rule" is therefore a meaningless
endeavor if you don't know what the following rules and plan are.  It
might be the opening of a good plan, or it might be the opening of a
bad one.  You have no idea if it's not developed further.

In this case, he's clearly got other security measures in place
(described in the immediately preceding line, even!), and hiding the
secured shares is likely to decrease the incidence of random or
opportunistic attacks, so his actual policy is not disastrous at all.
Calling his policy 'disastrous' is uncalled for when it's clearly not
disastrous.

        --Levi

