After seeing some recent cyber attacks, I’ve been thinking about whether it’s smart for businesses to share detailed information about their server setups online. I noticed some companies write blog posts where they talk about their exact hardware specs, including what kind of processors they use and even which manufacturers they buy from. I get that they want to be open with their customers and show they have good infrastructure, but doesn’t this give hackers too much information to work with? It seems like sharing these technical details might make it easier for bad people to plan attacks. What do you think - is being transparent about your backend worth the extra security risk?
depends on what info theyre sharing. mentioning aws or azure? not a big deal - half the internet runs on those. but posting exact server configs or software versions? thats dumb. most companies that get hacked have way bigger problems than their tech blog posts tho.
There’s a significant distinction between sharing broad technological strategies and disclosing sensitive security details. I have managed enterprise systems for several years, and discussing high-level infrastructure decisions typically does not assist attackers. It is widely known that organizations utilize Intel chips or AWS services, which doesn’t provide actionable intelligence. The main issue arises when specific configurations, version numbers, network topologies, or intricate security mechanisms are revealed. For instance, stating ‘we utilize microservices’ in a blog post is acceptable, but publishing granular details like firewall rules or database access credentials is risky. Most successful attacks occur due to human errors, unpatched software, or misconfigurations rather than from information gleaned from an open infrastructure overview. Companies should concentrate on implementing robust access controls, maintaining updates, and training personnel, rather than attempting to conceal all details. Openness regarding general capabilities can enhance customer trust without compromising security.