Re: [fw-wiz] DNS Names for external services
- From: Frank Knobbe <frank@xxxxxxxxx>
- Date: Sat, 17 Apr 2010 10:50:31 -0500
On Tue, 2010-04-13 at 17:30 -0400, Bruce B. Platt wrote:
I agree. I also support using non eponymous names. Rather than
vpnserver.company.com, something like bart.company.com can be remembered,
but does not immediately tell anyone what the machine might do. So a little
obscurity may help.
Or, make the server as impregnable as possible first, Then give it a name
people can remember, then watch to see if people try to bust in or
compromise it.
Or, use "bart" for your legitimate VPN, and point "vpn" to a honeypot
that screams loudly when tickled. That way you are actually deriving a
benefit from it rather than just obscurity. Likewise, if you don't run
an FTP server (or CVS, or POP3, or...), setup DNS records for those
pointing to your honeypot. Use it to respond in anyway you see fit for
defense of your network (blocking the IP, etc).
Regards,
Frank
--
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
Attachment:
signature.asc
Description: This is a digitally signed message part
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- Follow-Ups:
- Re: [fw-wiz] DNS Names for external services
- From: Morty
- Re: [fw-wiz] DNS Names for external services
- References:
- [fw-wiz] DNS Names for external services
- From: Behm, Jeff
- Re: [fw-wiz] DNS Names for external services
- From: Paul D. Robertson
- Re: [fw-wiz] DNS Names for external services
- From: Bruce B. Platt
- [fw-wiz] DNS Names for external services
- Prev by Date: Re: [fw-wiz] Firewall best practices
- Next by Date: Re: [fw-wiz] Firewall best practices
- Previous by thread: Re: [fw-wiz] DNS Names for external services
- Next by thread: Re: [fw-wiz] DNS Names for external services
- Index(es):
