Naming Conventions of Servers and Security

From: jwichman@junebox.com
Date: 02/05/02 

From: jwichman@junebox.com
To: security-basics@securityfocus.com
Date: Tue, 5 Feb 2002 10:41:15 -0600

I have a question about naming conventions.

What is the security communities recommendation on naming servers? Is it
safe to name a server by the function the server provides? We are currently
looking at renaming our entire domain since there are 4 or 5 different
naming conventions currently being used. So far I have been told that
naming a server AABCCC## (where A = Company Division B = Type of device [ S
= Server, N = Network D = Desktop] C = placement of server [DMZ or PRD or
STG]) is weak security because an attacker would have useful knowledge about
the server. I feel most attackers would perform some recon of the network
and have that information before they went in to attack mode anyway.

I realize that it could be easier for an attacker to gain information about
the server, but what about the folks who have to work on the server? If a
server was to go down or be attacked I would rather know immediately from
the name what I could be dealing with or how critical it is to the company
that the server is down.

Please send me your humble opinions.

Thanks

Jeff Wichman

Relevant Pages

  • RE: Naming Conventions of Servers and Security
    ... > Subject: RE: Naming Conventions of Servers and Security ... Naming an Exchange server FTP1, for example, could ... > function would be a potential risk, because if an attacker could gain ...
    (Security-Basics)
  • RE: Naming Conventions of Servers and Security
    ... If I was to target your network I would not look at your ... Naming Conventions of Servers and Security ... safe to name a server by the function the server provides? ... I realize that it could be easier for an attacker to gain information about ...
    (Security-Basics)
  • Re: Cluster Instance Naming
    ... As far as naming conventions go, you have virtual server names that should ... follow your organization's internal server name policies, ... In either case, as Geoff suggests, keep it consistent. ... > Senior Database Administrator ...
    (microsoft.public.sqlserver.clustering)
  • RE: Naming Conventions of Servers and Security
    ... internet-land. ... Naming Conventions of Servers and Security ... Cartman for the big fat storage server ... > STG]) is weak security because an attacker would have useful knowledge ...
    (Security-Basics)
  • RE: Naming Conventions of Servers and Security
    ... Not speaking for Jeff, just my two cents, if I see a server named firewall.foo.com it narrows my choices of attack enough to save me the time and trouble of having to "figure out" that the machine I'm seeing is a firewall. ... Naming Conventions of Servers and Security ...
    (Security-Basics)