Re: Filtering email headers generated from internal network (Sensible?)

From: Kyle Maxwell (krmaxwell_at_gmail.com)
Date: 05/10/05

  • Next message: Julian Totzek: "AW: DDos within a pentest"

    Date: Mon, 9 May 2005 21:44:18 -0500
    To: anyluser@yahoo.com


    On 5/9/05, anyluser <anyluser@yahoo.com> wrote:
    > Generally speaking sec through obscurity implies (to
    > me) that you're relying on the obfuscation for more
    > than it's really worth. If you think it'll keep you
    > safe, you're using STO. If you're realistic about
    > your expectations then do a CBA (cost/benefit
    > analysis) and make your decision as to whether or not
    > it's worthwhile.

    Security through obscurity isn't just about denying reconnaissance to
    the enemy; in fact that's probably a worthy security goal. Concealing
    your network information isn't trying to maintain obscurity, it's what
    you want to accomplish. Relying on running servers with non-standard
    port numbers is obscurity, as is assuming that someone will never find
    that unsecured web site with all the supersecret info on it just
    because there aren't any links to it.

    That said, if you think you have exposures because of the mailers
    you're running or because you have poorly secured internal mail
    servers, you're going to get much better bang for the buck fixing
    those first. Like anyluser says, do the cost/benefit analysis, but the
    only "benefit" you're getting is time cost to the attacker
    (essentially zero as the attacker has nothing BUT time), while the
    costs to you may be quite high.

    -- 
    Kyle Maxwell
    http://caffeinatedsecurity.com
    [krmaxwell@gmail.com]
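To make the cost/benefit question concrete, here is an added example (not from the thread or from either poster) of what "network information" in outbound mail actually looks like and how a defender can audit for it: a small Python script that walks the Received: chain of a message, flags hops that expose RFC 1918 addresses or internal hostnames, and produces a copy with only the externally visible hop retained. The internal DNS suffix, the sample message and its addresses are constructed placeholders, not values from the list.

```python
"""Audit outbound mail for Received: headers that leak internal topology.

Added example; not code from the original thread. INTERNAL_SUFFIX and
SAMPLE_MESSAGE are constructed placeholders.
"""
import ipaddress
import re
from email import message_from_string
from email.message import Message

# Assumption: the organisation's internal DNS suffix (placeholder value).
INTERNAL_SUFFIX = ".corp.example.internal"

# Only the RFC 1918 ranges count as "internal" here; ipaddress.is_private
# would also match documentation and other special-purpose blocks.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches dotted-quad literals such as 10.1.2.3 or [192.168.0.5] inside a header.
_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed sample: three hops, the inner two inside the private network.
SAMPLE_MESSAGE = """\
Received: from gw.example.com (gw.example.com [203.0.113.10])
\tby mx.example.net with ESMTP id abc123; Mon, 9 May 2005 21:44:18 -0500
Received: from hub01.corp.example.internal (hub01.corp.example.internal [10.20.30.40])
\tby gw.example.com with ESMTP; Mon, 9 May 2005 21:44:10 -0500
Received: from ws-finance-07.corp.example.internal (ws-finance-07 [192.168.5.23])
\tby hub01.corp.example.internal with SMTP; Mon, 9 May 2005 21:44:02 -0500
From: someone@example.com
To: anyluser@yahoo.com
Subject: test

body
"""


def leaks_internal_info(received: str) -> bool:
    """True if a Received: value exposes RFC 1918 addressing or an internal hostname."""
    for literal in _IPV4.findall(received):
        try:
            addr = ipaddress.ip_address(literal)
        except ValueError:
            continue  # e.g. an octet above 255; not an address at all
        if any(addr in net for net in RFC1918):
            return True
    return INTERNAL_SUFFIX in received.lower()


def audit(raw: str) -> list:
    """Return the Received: header values that leak internal network details."""
    msg = message_from_string(raw)
    return [h for h in msg.get_all("Received", []) if leaks_internal_info(h)]


def strip_internal_hops(raw: str) -> str:
    """Return the message with leaking Received: headers removed, other headers and order intact."""
    msg = message_from_string(raw)
    cleaned = Message()
    for name, value in msg.items():
        if name.lower() == "received" and leaks_internal_info(value):
            continue
        cleaned[name] = value  # Message.__setitem__ appends, preserving order
    cleaned.set_payload(msg.get_payload())
    return cleaned.as_string()


def received_count(raw: str) -> int:
    """Number of Received: headers in a message (handy for checking the result)."""
    return len(message_from_string(raw).get_all("Received", []))


if __name__ == "__main__":
    for hop in audit(SAMPLE_MESSAGE):
        print("LEAK:", hop.replace("\n", " "))
    print(strip_internal_hops(SAMPLE_MESSAGE))
```

Run against the sample it reports the two inner hops and emits a message whose only Received: line is the gateway's own. Note that a check like this is exactly the "cost" side of the analysis Kyle describes: the rewriting has to happen on the outbound gateway and every internal relay path has to be covered, which is more moving parts than simply hardening the internal mail servers.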
    
