+1,
Security by Obscurity isn't a really sound security principle, proper design and risk mitigation strategies ( like using URLscan on your OWA and a firewall in front of that, and pentesting, fuzzing, and web scanning for any exploits) is a better way to go. Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 ________________________________ From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Thursday, July 16, 2009 10:37 PM To: NT System Admin Issues Subject: RE: Security by obscurity? I'm with you. Make it easy for your users and use appropriate safeguards. -sc From: David Lum [mailto:david....@nwea.org] Sent: Thursday, July 16, 2009 4:42 PM To: NT System Admin Issues Subject: Security by obscurity? I am having a discussion with some of my fellow SE's, they think having OWA's address be hostname.domain.com/exchange instead of mail.companyname.com for "security by obscurity" reasons. I think it's more overhead/help tickets than it worth. Comments? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~