Penetration Testing mailing list archives

RE: Filtering email headers generated from internal network (Sensible?)


From: anyluser <anyluser () yahoo com>
Date: Mon, 9 May 2005 11:23:16 -0700 (PDT)


IMO there's a balance between sec through obscurity
(STO) and flat out information leakage.  Just as most
things in security, this is as much a balance as any
other.

Generally speaking sec through obscurity implies (to
me) that you're relying on the obfuscation for more
than it's really worth.  If you think it'll keep you
safe, you're using STO.  If you're realistic about
your expectations then do a CBA (cost/benefit
analysis) and make your decision as to whether or not
it's worthwhile.  

IMO if there's a mail routing infrastructure behind
your borders then you should obscure it to the
outside, if you have the time.  That'

Granted it won't make you secure but it'll at least keep
your infrastructure details relatively private, which
being the paranoid lot we probably are is a good
thing.  :)






-----Original Message-----
From: Bipin Gautam [mailto:visitbipin () hotmail com] 
Sent: Monday, May 09, 2005 10:36 AM
To: pen-test () securityfocus com
Subject: Filtering email headers generated from
internal network (Sensible?)




Is it sensible to filter extra email headers in the
gateway generated from your internal network before it
leaves your server, so that information like...
User-Agent:, X-Virus-Scanned:, and those EXTRA hops
of Received from: (headers........) won't leak
out, which could be valuable information for a
potential intruder. Moreover the trouble multiplies if
a software exploit is released before a patch. It is
kinda Security by obscurity. But if it buys you some
extra time to act isn't it sensible to implement or
just too paranoid?

drop your views,
Bipin Gautam
http://bipin.sosvulnerable.net/


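The gateway filter discussed in this thread, sketched as an added example (not code from either poster): it drops the headers named in the question and any Received: hop that carries an internal address. The function names, the X-Mailer entry, the definition of "internal" as RFC 1918 plus loopback, and the sample message are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Headers named in the thread; X-Mailer is an assumed addition.
STRIP_ALWAYS = {"user-agent", "x-mailer", "x-virus-scanned"}
# Assumption: "internal" means RFC 1918 space or loopback.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
ADDR_LITERAL = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def is_internal_hop(received):
    """True when a Received: value carries an address inside INTERNAL_NETS."""
    for literal in ADDR_LITERAL.findall(received):
        try:
            addr = ipaddress.ip_address(literal)
        except ValueError:  # e.g. 999.1.1.1 is not an address
            continue
        if any(addr in net for net in INTERNAL_NETS):
            return True
    return False

def sanitize_outbound(raw):
    """Drop leaking headers; keep the remaining headers in their original order."""
    msg = message_from_string(raw)
    kept = [(name, value) for name, value in msg.items()
            if name.lower() not in STRIP_ALWAYS
            and not (name.lower() == "received" and is_internal_hop(value))]
    for name in set(msg.keys()):
        del msg[name]
    for name, value in kept:
        msg[name] = value
    return msg.as_string()

# Constructed sample; hosts and addresses are made up.
SAMPLE = """\
Received: from mailhub.corp.example (mailhub.corp.example [10.1.2.3])
\tby gw.example.com with ESMTP; Mon, 9 May 2005 11:23:18 -0700
Received: from ws042 ([192.168.14.42])
\tby mailhub.corp.example with SMTP; Mon, 9 May 2005 11:23:16 -0700
Received: from mx.sender.example (mx.sender.example [198.51.100.9])
\tby gw.example.com with ESMTP; Mon, 9 May 2005 11:20:01 -0700
X-Virus-Scanned: by scanner at mailhub.corp.example
User-Agent: ExampleMailer/1.0
From: alice@example.com
Subject: quarterly numbers

Body text is left untouched.
"""
```

Received: lines are also what MTAs count for loop detection, so a filter like this belongs at the last hop before the message leaves.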
