Sure. But what I'm saying is that if you configure autodiscovery, what's the point of having OWA at "obscurehost.company.com" as opposed to "mail.company.com"? Autodiscovery tells OA clients to go to obscurehost.company.com, and also tells any decent attacker that's where to go too.

Cheers
Ken

________________________________________
From: Michael B. Smith [[email protected]]
Sent: Friday, 17 July 2009 11:36 AM
To: NT System Admin Issues
Subject: RE: Security by obscurity?

you can manipulate these to wherever/whatever you want. they must be valid, insofar as DNS is concerned - but exchange doesn't care.

________________________________________
From: Ken Schaefer [[email protected]]
Sent: Thursday, July 16, 2009 9:15 PM
To: NT System Admin Issues
Subject: RE: Security by obscurity?

And if you use autodiscovery, won't people be able to figure this out anyway? Unless Outlook Anywhere clients go to somewhere else other than where you are hosting OWA.

Cheers
Ken

________________________________________
From: Tim Vander Kooi [[email protected]]
Sent: Friday, 17 July 2009 8:04 AM
To: NT System Admin Issues
Subject: RE: Security by obscurity?

This all begs the question of why "mail.company.com/exchange" would be considered any more obscure/secure than "obscure.company.com"? With the second being at least a shorter entry for users to type when accessing the site.

TVK

-----Original Message-----
From: Ben Scott [mailto:[email protected]]
Sent: Thursday, July 16, 2009 4:37 PM
To: NT System Admin Issues
Subject: Re: Security by obscurity?

On Thu, Jul 16, 2009 at 4:42 PM, David Lum<[email protected]> wrote:
> I am having a discussion with some of my fellow SE's, they think having
> OWA's address be hostname.domain.com/exchange instead of
> mail.companyname.com for "security by obscurity" reasons.

It's all about risk management. What specific threat does having a different name for OWA counter? How effective will that countermeasure be? What will it cost you?

As Bill Songstad says, script kiddies scan for IP addresses, and a directed attacker will probably be able to do the research needed to figure things out. Worms and other undirected, automated threats also use IP addresses.

The only thing I can think of that this might help would be to reduce noise from casual intrusion attempts. For example, if you're <giantcompany.com>, you might want your webmail on <obscure.giantcompany.com> instead of <mail.giantcompany.com>, just to reduce the log noise from random people trying the typical name. It's akin to turning down the vibration sensitivity in your car alarm because you don't want it waking you up in the night just because somebody tried the handle, found it locked, and moved on.

-- Ben
