I was sure that the concept of “security through obscurity” had been thoroughly debunked by now. Evidently not.
A recent Freedom of Information Act request for a list of .gov domain names was denied by the GSA. You should know this about me: I am all for state secrets – I think that, realistically, a government must have secrets. This is perhaps an argument for another day.
Given the nature of DNS, cached DNS, etc., how long do you think it will be before some of these “hidden” domains show up anyway?
Let’s be clear: I really don’t think this is a huge deal, but it can be a source of mental fun for the rest of us. So here is a “wake up, it is hump day” mental exercise for you (this WILL be graded; you WILL need to know this for the test!):
What would be a more effective “security through obscurity model” for the government to use, while still listing the required domains?
I will start the ball on this (and therefore open myself up to immediate criticism!):
- Register the domains as normal, but do not use obviously descriptive names. Instead of “trackingPrivateCitizens.gov” you might use “TPCProject.gov”. You may even consider using a completely sanitized CRC32 version: 13201934.gov (free Vidoc Razor T-shirt if you can figure that one out).
- Keep an internal, classified document that maps out the “sanitized domains” with their true descriptions.
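
To make the two bullets above concrete, here is an added example (not part of the original post) that builds the internal mapping document and checks how much protection the label scheme gives. The 8-hex-digit label format, the third project name, the demo key and the HMAC-based alternative are assumptions introduced for illustration.

```python
import hashlib
import hmac
import zlib
from functools import partial

# Constructed sample inputs; the first two names are the post's own examples.
PROJECTS = ["trackingPrivateCitizens", "TPCProject", "exampleProgramOffice"]
DEMO_KEY = b"constructed-demo-key"  # placeholder; a real key would be secret and random


def crc32_label(description: str) -> str:
    """Unkeyed label: CRC32 of the lowercased name, as 8 hex digits (format assumed)."""
    return f"{zlib.crc32(description.lower().encode()):08x}"


def keyed_label(description: str, key: bytes) -> str:
    """Keyed alternative (assumption, not from the post): truncated HMAC-SHA256."""
    return hmac.new(key, description.lower().encode(), hashlib.sha256).hexdigest()[:16]


def build_mapping(descriptions, labeler):
    """Build the internal 'sanitized domain -> true description' document."""
    mapping = {}
    for desc in descriptions:
        domain = labeler(desc) + ".gov"
        if mapping.get(domain, desc) != desc:  # 32-bit labels can collide
            raise ValueError(f"label collision on {domain}")
        mapping[domain] = desc
    return mapping


def recoverable(published, guessed_names, labeler):
    """Return the published domains that map back to a guessed name using only
    a labeler available outside the organisation (no access to the mapping)."""
    guesses = {labeler(name) + ".gov": name for name in guessed_names}
    return {dom: guesses[dom] for dom in published if dom in guesses}


if __name__ == "__main__":
    crc_map = build_mapping(PROJECTS, crc32_label)
    hmac_map = build_mapping(PROJECTS, partial(keyed_label, key=DEMO_KEY))
    wrong_key = partial(keyed_label, key=b"not-the-key")
    print("CRC32 labels recovered:", recoverable(crc_map, PROJECTS, crc32_label))
    print("HMAC labels recovered: ", recoverable(hmac_map, PROJECTS, wrong_key))
```

With an unkeyed checksum, the classified mapping adds little: anyone who can guess a descriptive name can confirm it against the published label. With a keyed label, the secret is the key rather than the algorithm.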
How would you set out to discover these “hidden” domains?
- We will assume zone transfer is not available (could be a big assumption).
- Build a database of known domain names.
- What next?
Feel free to post any ideas – or chide me for wasting your time and making you read this cruft!