samba hide shares

Von Fugal von at fugal.net
Mon Sep 13 23:53:05 MDT 2010


<quote name="Levi Pearson" date="Mon, 13 Sep 2010 at 20:27 -0600">
> On Mon, Sep 13, 2010 at 7:44 PM, Von Fugal <von at fugal.net> wrote:
> > <quote name="Merrill Oveson" date="Mon, 13 Sep 2010 at 11:50 -0600">
> >> yeah, they can't get in - that is if they click on it, they're
> >> prompted for user name and password.
> >>
> >> I believe the first rule of security is "Don't show the thief where
> >> the doors are."
> >
> > That is a disastrous policy. "Security by obscurity" it is often called,
> > and it's almost a derogatory term. If you want to add obscurity as one
> > final layer on top of a well thought out and implemented security
> > strategy, then go for it, but to call it the first rule is just folly.
<snip/>
> In this case, he's clearly got other security measures in place
> (described in the immediately preceding line, even!), and hiding the
> secured shares is likely to decrease the incidence of random or
> opportunistic attacks, so his actual policy is not disastrous at all.
> Calling his policy 'disastrous' is uncalled for when it's clearly not
> disastrous.

And I clearly mentioned that obscurity is a perfectly valid part of an
overall security plan. What I called disastrous was not any particular
security plan and not his. What I called disastrous was "the first rule
of security is obscurity". And I stand by it. Ya, I called it a
disastrous policy. Not the best choice of words on my part. It's a
disastrous axiom. How's that?

Von Fugal
-- 
Government is a disease that masquerades as its own cure
-- Robert Lefevre


More information about the PLUG mailing list