Security Through Obscurity
The oldest Information Technology Fable is that There is No ACTUAL Security Through Obscurity. I believe this to be false. The very nature of Obscurity is the basis of everything Security related if you really think about it. Hiding an SSID from Publicly Broadcasting can assist in combatting Hacking Scenarios like Noob War Drivers. Hackers aren’t all smart. Remember Script Kiddies exist lol. Physical Obscurity is used all the time for Security and Safety. Camouflage is a big example of this. Its easier to remain secure when you are less visible. The General Art of War concept of there being Security in The Enemy not knowing Your location. Any joe schmoe walking down the street doesn’t need to be able to flip on their iPhone and brute force your wifi with all the default passwords they can remember. If a War Driver is truly committed to hacking you then the programs they use won’t care if you are broadcasting your WAP’s SSID so don’t get me wrong its not much of an added security measure. You should operate on a Need To Know Mentality and people outside your organization and maybe even your Guests do not Need To Know what your internal SSID is for your WLAN.
Security Through Obscurity relies on the It is What it Is saying morphed into It is What It Isn’t :D
Code Names exist to confuse and obscure stuff n thangs that others Don’t Need To Know. Just Like Radio Call Signs to obscure communications, dialogue, and descriptive data. If a VIP is being escorted somewhere a Security Detail should use Secure Private Radio Communications as well as obscured call signs in case of hacked or eaves dropped comms. This same concept is especially useful when naming data because sometimes even those that can view a Meeting on a Conference Room Calendar Do Not Need To Know a 4 Star General is going to be in Room blah blah at blah blah time for Meeting Title that you Do Not Need to Know. Fake Names and Call Signs all over the place so you make it difficult for enemies and bad actors to know information They Do Not Need to Know. Mishandling of Data and Need To Know Information can lead to real life consequences and even death so make sure to remain vigilant in protecting what is most important to the organization and its people. We would all love for corporations to care about its people more but the fact of the matter is Most Corporations care about making the most money for their Shareholders. Some would say this is indeed how it should be but I believe in a world where what is best for Stakeholders is What is Best for Shareholders. Studies have shown that maintaining a Happy Workforce directly correlates to mitigating the risk and effects of potential Insider Threats. But in the event where you maintain a disgruntled staff you increase the organizations risk to Insider Threats. So Obscuring project names, hiding SSIDs, and using Call Signs all add to the overall Security Posture of the Organization.
