DiscussWorldIssues - Socio-Economic Religion and Political Uncensored Debate - View Single Post

**LOVEBoy** · 10-15-2009, 01:06 AM

IP addresses are public and can not be obfuscated. If they post the IP address and specify the hardware that resides at that address, then a malicious user whom is familiar with the hardware (and its various security holes) could compromise the security of the network. However, during this process, finding the IP address is an insignificant effort.

I am not really a fan of security through obscurity. I think that posting the IP address should not lessen the security since an obscure IP address provides 0 security in the first place.

I don't agree at all, it's very difficult to find out the IP address of a server for a particular company if it's not registered anywhere or freely advertised.

Providing the least amount of information as possible is a form of security, need to know basis and should be used at all times.

Advertising on your website that your servers are in the 220.168.120.54-60 example and detailing what ports are open (ala citrix ICA/https/dns/smtp whatever) is infanately more damaging than someone descoverying that range, with that port open but not knowing who it belongs to.

Knowing the company, means you could then social engineer the knowledge of domains, usernames etc... and you're already halfway there to breaking into a system.

10-15-2009, 01:06 AM	#13
LOVEBoy Join Date Oct 2005 Posts 487 Senior Member	IP addresses are public and can not be obfuscated. If they post the IP address and specify the hardware that resides at that address, then a malicious user whom is familiar with the hardware (and its various security holes) could compromise the security of the network. However, during this process, finding the IP address is an insignificant effort. I am not really a fan of security through obscurity. I think that posting the IP address should not lessen the security since an obscure IP address provides 0 security in the first place. I don't agree at all, it's very difficult to find out the IP address of a server for a particular company if it's not registered anywhere or freely advertised. Providing the least amount of information as possible is a form of security, need to know basis and should be used at all times. Advertising on your website that your servers are in the 220.168.120.54-60 example and detailing what ports are open (ala citrix ICA/https/dns/smtp whatever) is infanately more damaging than someone descoverying that range, with that port open but not knowing who it belongs to. Knowing the company, means you could then social engineer the knowledge of domains, usernames etc... and you're already halfway there to breaking into a system.
	Quote