RE: Naming Conventions of Servers and Security

From: Dan.Hemphill@mwhse.com
Date: 02/07/02


From: Dan.Hemphill@mwhse.com
To: CSNOW@ddpwa.com, jwichman@junebox.com, security-basics@securityfocus.com
Date: Thu, 7 Feb 2002 13:15:24 -0500 

It could be beneficial to name them incorrectly, but could also be a
logistical nightmare. Naming an Exchange server FTP1, for example, could
really through a hacker for a loop after he enumerates the resources.

I would say it's not recommended unless the organization is extremely small.

-----Original Message-----
From: Snow, Corey [mailto:CSNOW@ddpwa.com]
Sent: Wednesday, February 06, 2002 1:09 PM
To: 'jwichman@junebox.com'; security-basics@securityfocus.com
Subject: RE: Naming Conventions of Servers and Security

Interesting question. I never considered that the name of a server would be
a potential security risk, but I never name my servers by their function
anyway. I usually pick a theme and name them that way. These days, I use the
character names from my favorite SF television show.

I would tend to agree that in principle, naming a computer after its
function would be a potential risk, because if an attacker could gain
enough access to enumerate network resources, it would be simple to identify
those targets which should be focused on. It would certainly simplify the
"recon" phase of any sophisticated attack.

I would not recommend a naming scheme like the one you show below, for those
reasons. Besides, giving servers silly names is part of the fun of being in
IT. ;-) For desktops, some organizations name them after the person who uses
it, but that means the name must be changed every time the box changes
hands. If you use asset tags on your equipment, maybe naming desktops using
that data is a good way to go.

Regards,

Corey Snow

> -----Original Message-----
> From: jwichman@junebox.com [mailto:jwichman@junebox.com]
> Sent: Tuesday, February 05, 2002 8:41 AM
> To: security-basics@securityfocus.com
> Subject: Naming Conventions of Servers and Security
>
>
> I have a question about naming conventions.
>
> What is the security communities recommendation on naming
> servers? Is it
> safe to name a server by the function the server provides?
> We are currently
> looking at renaming our entire domain since there are 4 or 5 different
> naming conventions currently being used. So far I have been told that
> naming a server AABCCC## (where A = Company Division B = Type
> of device [ S
> = Server, N = Network D = Desktop] C = placement of server
> [DMZ or PRD or
> STG]) is weak security because an attacker would have useful
> knowledge about
> the server. I feel most attackers would perform some recon
> of the network
> and have that information before they went in to attack mode anyway.
>
> I realize that it could be easier for an attacker to gain
> information about
> the server, but what about the folks who have to work on the
> server? If a
> server was to go down or be attacked I would rather know
> immediately from
> the name what I could be dealing with or how critical it is
> to the company
> that the server is down.
>
> Please send me your humble opinions.
>
> Thanks
>
> Jeff Wichman
>
>

#########################################################
The information contained in this e-mail and subsequent attachments may be
privileged,
confidential and protected from disclosure. This transmission is intended
for the sole
use of the individual and entity to whom it is addressed. If you are not
the intended
recipient, any dissemination, distribution or copying is strictly
prohibited. If you
think that you have received this message in error, please e-mail the sender
at the above
e-mail address.
#########################################################



Relevant Pages

  • Re: << SBS News of the week - Sept 26 >>
    ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: << SBS News of the week - Sept 26 >>
    ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
    (microsoft.public.windows.server.sbs)
  • [REVS] Combating Reverse Telnet using OpenBSD Packet Filter
    ... Beyond Security would like to welcome Tiscali World Online ... could give you access to the files in the server that is running DragonFly ... The attacker can simply implant or upload backdoor ... block in quick on $EXTIF inet proto tcp from any to any flags FUP/FUP ...
    (Securiteam)
  • [NEWS] Oracle9i Application Server Format String Vulnerability
    ... Beyond Security would like to welcome Tiscali World Online ... Oracle's 9i Application Server offers a highly functional web server ... If an attacker uses ... NGSSoftware alerted Oracle to this vulnerability on 24 September 2002. ...
    (Securiteam)
  • [NT] Multiple Vulnerabilities in SuperScout Web Reports Server
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Contains the usernames and passwords for each user of the reports server. ... an attacker can access any reports available on the ...
    (Securiteam)