Penetration Testing mailing list archives

Re: Filtering email headers generated from internal network (Sensible?)


From: Kyle Maxwell <krmaxwell () gmail com>
Date: Mon, 9 May 2005 21:44:18 -0500

On 5/9/05, anyluser <anyluser () yahoo com> wrote:
> Generally speaking sec through obscurity implies (to
> me) that you're relying on the obfuscation for more
> than it's really worth.  If you think it'll keep you
> safe, you're using STO.  If you're realistic about
> your expectations then do a CBA (cost/benefit
> analysis) and make your decision as to whether or not
> it's worthwhile.

Security through obscurity isn't just about denying reconnaissance to
the enemy; in fact that's probably a worthy security goal. Concealing
your network information isn't trying to maintain obscurity; it's what
you want to accomplish. Relying on running servers with non-standard
port numbers is obscurity, as is assuming that someone will never find
that unsecured web site with all the supersecret info on it just
because there aren't any links to it.

That said, if you think you have exposures because of the mailers
you're running or because you have poorly secured internal mail
servers, you're going to get much better bang for the buck fixing
those first. Like anyluser says, do the cost/benefit analysis, but the
only "benefit" you're getting is time cost to the attacker
(essentially zero as the attacker has nothing BUT time), while the
costs to you may be quite high.

-- 
Kyle Maxwell
http://caffeinatedsecurity.com
[krmaxwell () gmail com]
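The header filtering the thread is debating, as an added example that is not part of the original post or thread: a small Python routine that scrubs an outbound message of header lines revealing internal topology (Received lines mentioning RFC 1918 addresses or an internal hostname suffix, plus a few client-identifying headers) while keeping the gateway's own Received line so the mail stays traceable. The sample message, the `.corp.example` suffix and the header list are constructed for the demonstration; in production this is normally done by the MTA's header-rewriting feature (Postfix header_checks, for instance) rather than in a script, and, as the reply above says, it is header hygiene on top of properly secured mail servers, not a replacement for them.

```python
"""Scrub internal-network details from outbound mail headers.

Added example, not code from the original thread. The sample message,
the internal domain suffix and the header names are constructed.
"""
import email
import ipaddress
import re
from email import policy
from email.message import EmailMessage

# RFC 1918 ranges plus loopback; checked explicitly rather than via
# ipaddress.is_private so that documentation ranges (e.g. 203.0.113.0/24)
# used in the sample are treated as public, as they would look to a reader.
PRIVATE_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]

# Hypothetical internal DNS suffix for this example.
INTERNAL_SUFFIX = ".corp.example"

# Headers that identify the originating client or desktop software.
LEAKY_NAMES = {"x-originating-ip", "x-mailer", "user-agent"}

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def mentions_private_ip(text: str) -> bool:
    """True if any IPv4 literal in text is in a private or loopback range."""
    for literal in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(literal)
        except ValueError:
            continue  # e.g. 999.1.1.1 matched the regex but is not an address
        if any(ip in net for net in PRIVATE_NETS):
            return True
    return False


def leaks_internal_info(name: str, value: str) -> bool:
    """Decide whether a single header line should be dropped."""
    lname = name.lower()
    if lname == "received":
        return mentions_private_ip(value) or INTERNAL_SUFFIX in value.lower()
    return lname in LEAKY_NAMES


def scrub_headers(raw: bytes) -> tuple[EmailMessage, list[str]]:
    """Return (scrubbed message, list of removed header lines).

    Headers are rebuilt in their original order because the email API can
    only delete all headers of a given name, not one Received line of many.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    kept: list[tuple[str, str]] = []
    removed: list[str] = []
    for name, value in msg.items():
        text = str(value)
        if leaks_internal_info(name, text):
            removed.append(f"{name}: {text}")
        else:
            kept.append((name, text))
    for name in {n for n, _ in msg.items()}:
        del msg[name]
    for name, text in kept:
        msg[name] = text
    return msg, removed


# Constructed outbound message: the inner Received line and the two X- headers
# expose a workstation name, its 10.x address and the mail client in use.
SAMPLE = b"""\
Received: from mail-gw.example.com (mail-gw.example.com [203.0.113.7]) by mx.example.net; Mon, 9 May 2005 21:44:18 -0500
Received: from ws-0412.corp.example (ws-0412.corp.example [10.1.4.12]) by mail-gw.example.com; Mon, 9 May 2005 21:44:10 -0500
X-Originating-IP: [10.1.4.12]
X-Mailer: ExampleClient 1.0
From: user@example.com
To: someone@example.net
Subject: test

hello
"""

if __name__ == "__main__":
    scrubbed, dropped = scrub_headers(SAMPLE)
    for line in dropped:
        print("removed:", line)
    print(scrubbed.as_string())
```

The external gateway's Received line survives because it names only the public relay, so abuse reports and loop detection still work; only the hop that reveals the workstation and its private address is dropped.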

