Management Console Access – Obscurity by Security and vice versa
Every discussion about security sooner or later connects to the wonderful word obscurity. Mentioning security by obscurity is a guaranteed way of losing sight of the facts. It is vital to actually fix weaknesses and introduce strong separation of systems when implementing security. Furthermore, the leakage of useful information to potential adversaries should be eliminated. That’s the theory. Enter the discussions we have witnessed in real life and in the Internet. A common tactic is to strip information from communication protocols that is not needed for transporting the message. Version numbers, host names, addresses, and other pieces of data are often removed when a server answers requests. Especially web applications send a ton of useful information to clients. You can see the structure of the web space, components used for rendering, server systems involved,