Some people believe that their computer systems are more secure if the person attacking their systems don’t know some facts, like what port their SQL Server instance is using or by not disclosing the written specifications for critical software functions. Those people believe that if malicious attackers don’t know how the system is secured, security will be better. Although this might seem logical, it’s actually easy to see how it is untrue if you think about if for a few minutes. Insider attacks by employees, one of the most common forms of an attack, will already know the port used or how your software works.
The problem with security through ignorance is it just leads to a false sense of security, which is usually much more dangerous than not doing anything at all. Assume you are working with an intelligent attacker, and that your weak half-attempts to secure your systems will delay the attacker all of about 2 minutes. Spend your time and effort for implementing true security measures and you will sleep better each night.