Back to Security Pattern Catalog
: Security Pattern Space
An attacker who knows how the system works internally has an advantage over someone who has to go through reconnaissance activities. Normally COTS (Commercial off the Shelf) components are used to implement some security mechanism. But the COTS components are available for the attackers to analyze and therefore using them would expose the internal workings of the system to the attackers.
How can the internal workings of COTS components be hidden from the attacker ?
Customize variations in the system to make them different from regular security implementation. Limit the modifications as they do not defeat the purpose itself.
Tripwire for Web pages. The Deception Toolkit.
Kienzle et. al. Repository
Variation, Attack Prevention
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz