RE: Filtering email headers generated from internal network (Sensible?)

From: anyluser (anyluser_at_yahoo.com)
Date: 05/09/05

  • Next message: Thierry Zoller: "Re: DDos within a pentest"
    Date: Mon, 9 May 2005 11:23:16 -0700 (PDT)
    To: visitbipin@hotmail.com, pen-test@securityfocus.com
    
    

    IMO there's a balance between sec through obscurity
    (STO) and flat out information leakage. Just as with most
    things in security, this is as much a balance as any
    other.

    Generally speaking sec through obscurity implies (to
    me) that you're relying on the obfuscation for more
    than it's really worth. If you think it'll keep you
    safe, you're using STO. If you're realistic about
    your expectations then do a CBA (cost/benefit
    analysis) and make your decision as to whether or not
    it's worthwhile.

    IMO if there's a mail routing infrastructure behind
    your borders then you should obscure it to the
    outside, if you have the time. That'

    Granted it won't make you secure but it'll at least keep
    your infrastructure details relatively private, which,
    being the paranoid lot we probably are, is a good
    thing. :)

    -----Original Message-----
    From: Bipin Gautam [mailto:visitbipin@hotmail.com]
    Sent: Monday, May 09, 2005 10:36 AM
    To: pen-test@securityfocus.com
    Subject: Filtering email headers generated from
    internal network (Sensible?)

    Is it sensible to filter extra email headers in the
    gateway generated from your internal network before it
    leaves your server, so that information like...
    User-Agent:, X-Virus-Scanned:, and those EXTRA hops
    of Received from: (headers........) won't leak
    out, which could be valuable information for a
    potential intruder. Moreover the trouble multiplies if
    a software exploit is released before a patch. It is
    kinda security by obscurity. But if it buys you some
    extra time to act, isn't it sensible to implement, or
    just too paranoid?

    drop your views,
    Bipin Gautam
    http://bipin.sosvulnerable.net/

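The gateway filtering asked about in the original message, as an added example that is not part of either post: a Python sketch that drops `User-Agent:` and `X-Virus-Scanned:` plus any `Received:` hop naming an internal address or host, while leaving header order and the body untouched. The `.corp.example` suffix, the host names and the sample message are assumptions made for illustration, and only bracketed IPv4 literals are checked.

```python
import ipaddress
import re

DROP_HEADERS = {"user-agent", "x-virus-scanned"}  # the two named in the thread
INTERNAL_SUFFIX = ".corp.example"                 # assumed internal DNS suffix
INTERNAL_NETS = [ipaddress.ip_network(n) for n in  # RFC 1918 plus loopback
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_internal_hop(value):
    # True if a Received value names an internal address or host name.
    for text in BRACKETED_IP.findall(value):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:          # not a valid IPv4 literal, e.g. [999.1.1.1]
            continue
        if any(addr in net for net in INTERNAL_NETS):
            return True
    return INTERNAL_SUFFIX in value.lower()

def split_fields(head):
    fields = []
    for line in head.split("\r\n"):
        if fields and line[:1] in (" ", "\t"):   # folded continuation line
            fields[-1] += "\r\n" + line
        else:
            fields.append(line)
    return fields

def scrub(raw):
    head, sep, body = raw.partition("\r\n\r\n")  # headers end at first blank line
    kept = []
    for field in split_fields(head):
        name, _, value = field.partition(":")
        name = name.strip().lower()
        internal_hop = name == "received" and is_internal_hop(value)
        if name not in DROP_HEADERS and not internal_hop:
            kept.append(field)
    return "\r\n".join(kept) + sep + body

SAMPLE = (  # constructed message; hosts and addresses are made up
    "Received: from ws42 (ws42.corp.example [192.168.7.20])\r\n"
    "\tby gw.example.com with ESMTP; Mon, 9 May 2005 10:36:01 -0700\r\n"
    "X-Virus-Scanned: scanner at relay1.corp.example\r\n"
    "User-Agent: ExampleMail/1.0\r\n"
    "From: alice@example.com\r\n"
    "\r\n"
    "User-Agent: body text, must survive\r\n"
)
```

Apply this kind of scrubbing before DKIM signing, since removing a header that a signature covers invalidates the signature.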

