Is security through obscurity ever a useful way to protect your network, or does it just make things easier for corporate spies and hackers? This week in Unix Security, Carole Fennelly investigates who's benefiting from this security tactic.
That accusation was leveled at me. I'd recommended that a client have internal headers stripped out of email at the firewall before that mail was being outside the company. I thought this was just good common sense. I even provided the technical solution to do it with the MTA the client was running (Sendmail). The admins balked and said, "No one does this." OK. So I asked the gods at Sendmail.org for guidance. To my surprise, they also felt it was unnecessary, even inadvisable. In fact, it was said that I was "paranoid" and relying on "security by obscurity."
The link for this article located at SunWorld is no longer available.
