The naming of servers is something that I feel is down the the Sysadmin. In my past networks, I have used rather cryptic Domain/Server names, based, firstly on The Magic Roundabout (Boing) and secondly on the Milky Way (Saturn, etc)
You can then keep a list of what does what, because it is only really you who needs to know. try using the popular (?) cartoon South Park Cartman for the big fat storage server Stan for the IIs/email because he is always communicating Kenny for the honeypot (because he always dies) etc etc etc. Hope this helps Andrew Andrew Jones ASTA[R] Meggitt Petroleum Systems Tel +44 (0)2476 697417 Ext. 40 Fax +44 (0)2476 418210 [EMAIL PROTECTED] > -----Original Message----- > From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] > Sent: 05 February 2002 16:41 > To: [EMAIL PROTECTED] > Subject: Naming Conventions of Servers and Security > > I have a question about naming conventions. > > What is the security communities recommendation on naming servers? Is it > safe to name a server by the function the server provides? We are > currently > looking at renaming our entire domain since there are 4 or 5 different > naming conventions currently being used. So far I have been told that > naming a server AABCCC## (where A = Company Division B = Type of device [ > S > = Server, N = Network D = Desktop] C = placement of server [DMZ or PRD or > STG]) is weak security because an attacker would have useful knowledge > about > the server. I feel most attackers would perform some recon of the network > and have that information before they went in to attack mode anyway. > > I realize that it could be easier for an attacker to gain information > about > the server, but what about the folks who have to work on the server? If a > server was to go down or be attacked I would rather know immediately from > the name what I could be dealing with or how critical it is to the company > that the server is down. > > Please send me your humble opinions. > > Thanks > > Jeff Wichman >
