Re: [fw-wiz] DNS Names for external services




Among other things, Paul said:

Snip ...


What's a bigger burden, your support costs or your security costs? If
your VPN is attackable, because of weak userid-passwords or other flaws,
it'll be attacked sooner or later- if you've done your job, then flaws
won't be exploitable and the name doesn't matter- if you've done a poor
implementation or selection job, then all you're doing by hiding is
postponing the inevitable.

Paul

...

I agree. I also support using non eponymous names. Rather than
vpnserver.company.com, something like bart.company.com can be remembered,
but does not immediately tell anyone what the machine might do. So a little
obscurity may help.

Or, make the server as impregnable as possible first, Then give it a name
people can remember, then watch to see if people try to bust in or
compromise it.

Bruce



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards