This all begs the question of why "mail.company.com/exchange" would be considered any more obscure/secure than "obscure.company.com"? With the second being at least a shorter entry for users to type when accessing the site. TVK
-----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, July 16, 2009 4:37 PM To: NT System Admin Issues Subject: Re: Security by obscurity? On Thu, Jul 16, 2009 at 4:42 PM, David Lum<david....@nwea.org> wrote: > I am having a discussion with some of my fellow SE's, they think having > OWA's address be hostname.domain.com/exchange instead of > mail.companyname.com for "security by obscurity" reasons. It's all about risk management. What specific threat does having a different name for OWA counter? How effective will that countermeasure be? What will it cost you? As Bill Songstad says, script kiddies scan for IP addresses, and a directed attacker will probabbly be able to do the research needed to figure things out. Worms and other undirected, automated threats also use IP addresses. The only thing I can think of that this might help would be to reduce noise from casual intrusion attempts. For example, if you're <giantcompany.com>, you might want your webmail on <obscure.giantcompany.com> instead of <mail.giantcompany.com>, just to reduce the log noise from random people trying the typical name. It's akin to turning down the vibration sensitivity in your car alarm because you don't want it waking you up in the night just because somebody tried the handle, found it locked, and moved on. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
