I have a question about naming conventions. What is the security communities recommendation on naming servers? Is it safe to name a server by the function the server provides? We are currently looking at renaming our entire domain since there are 4 or 5 different naming conventions currently being used. So far I have been told that naming a server AABCCC## (where A = Company Division B = Type of device [ S = Server, N = Network D = Desktop] C = placement of server [DMZ or PRD or STG]) is weak security because an attacker would have useful knowledge about the server. I feel most attackers would perform some recon of the network and have that information before they went in to attack mode anyway.
I realize that it could be easier for an attacker to gain information about the server, but what about the folks who have to work on the server? If a server was to go down or be attacked I would rather know immediately from the name what I could be dealing with or how critical it is to the company that the server is down. Please send me your humble opinions. Thanks Jeff Wichman
