Obscurity Is a Valid Security Layer

[hammock]

This argument is a strawman. Does OP have a real example of someone arguing that obscurity as a layer on top of good security is a bad thing?

[pjungwir]

I hear people call moving the ssh port "security by obscurity" all the time. For instance:

http://serverfault.com/questions/189282/why-change-default-s...

http://serverfault.com/questions/316516/does-changing-defaul...

[raesene2]

Yeah go look on security stackexchange and you'll see it quite a bit, people just cargo cult the idea of obscurity == bad and don't consider the points made in OP's article

[danpalmer]

I don't think it's that bad, but if you believe that security through obscurity is not secure, and you are using it with something that is secure, then it is in practice adding nothing, and not worth it.