Not speaking for Jeff, just my two cents, if I see a server named firewall.foo.com it 
narrows my choices of attack enough to save me the time and trouble of having to 
"figure out" that the machine I'm seeing is a firewall.

I have yet to see someone name a machine creditcarddatabase.foo.com but I've seen 
plenty of organizations name their machines gw.foo.com and firewall.foo.com which, of 
course, makes my job that much easier (as a security consultant...not hacker). Then a 
little TCP OS fingerprinting and running specific exploits to lock-up firewalls, 
gateways, whatever. If it makes my job easier to hack the box I can only assume that 
it also makes the job easier for unauthorized persons, etc.

Bomm






Jeff,

What's in a name? If I was to target your network I would not look at your
names, perhaps for social engineering, but a network-based probe to determine
what's open and what's vulnerable, who cares about a name.

I guess what I'm saying is nmap doesn't look at names....

My opinion has been to name them what you want. Whatever makes sense. If
you are not following good security standards and locking down your hosts
who cares what the name is.

Food for thought.

Good Luck,

Britt Lindley CISSP


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 3:18 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Naming Conventions of Servers and Security



Jeff,

I don't think it really matters...in that it won't make much difference to
a hacker. We've been through the same thing in recent years and renamed
our entire domain.

We used to use the following convention aabbccc### (a=company division,
b=country code, c=location) and that was the same for everything - servers,
network device, clients (desktop), printers and so on.

We changed to the following convention last year with the exception of
servers: aaab### (a=location, b=type of device (C=client, P=printer, N=net
device)). Servers were just named: aaa### (a=location).

This new convention works well for us globally and is easy to manage.

Hope it helps !
Ian




[EMAIL PROTECTED] on 05/02/2002 16:41:15

To:   [EMAIL PROTECTED]
cc:

Subject:  Naming Conventions of Servers and Security


I have a question about naming conventions.

What is the security community's recommendation on naming servers?  Is it
safe to name a server by the function the server provides?  We are
currently looking at renaming our entire domain since there are 4 or 5
different naming conventions currently being used.  So far I have been told
that naming a server AABCCC## (where A = Company Division B = Type of device
[ S = Server, N = Network D = Desktop] C = placement of server [DMZ or PRD
or STG]) is weak security because an attacker would have useful knowledge
about the server.  I feel most attackers would perform some recon of the
network and have that information before they went into attack mode anyway.

I realize that it could be easier for an attacker to gain information about
the server, but what about the folks who have to work on the server?  If a
server was to go down or be attacked I would rather know immediately from
the name what I could be dealing with or how critical it is to the company
that the server is down.

Please send me your humble opinions.

Thanks

Jeff Wichman
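
Added example, not part of the thread: a small audit of a host inventory against the AABCCC## scheme Jeff describes, reporting what each name tells a reader (device type, placement) and flagging function names such as the firewall and gw examples Bomm mentions. The two-letter division codes, the extra labels fw and gateway, and the sample hostnames are assumptions.

```python
import re

# Jeff's proposed AABCCC## scheme: division, device type, placement, number.
CONVENTION = re.compile(
    r"^(?P<division>[a-z]{2})(?P<type>[snd])(?P<placement>dmz|prd|stg)(?P<number>\d{2})$"
)
DEVICE_TYPES = {"s": "server", "n": "network", "d": "desktop"}
# "firewall" and "gw" are the names cited in the thread; the others are assumed.
FUNCTION_LABELS = {"firewall", "gw", "fw", "gateway"}


def audit(fqdn):
    """Return what the left-most DNS label of fqdn tells an outside reader."""
    label = fqdn.strip().lower().rstrip(".").split(".")[0]
    result = {"host": label, "conforms": False, "discloses": []}
    match = CONVENTION.match(label)
    if match:
        result["conforms"] = True
        result["discloses"] = ["type=" + DEVICE_TYPES[match["type"]],
                               "placement=" + match["placement"]]
        return result
    # Non-conforming name: look for a word that states the function outright.
    for token in re.split(r"[^a-z]+", label):
        if token in FUNCTION_LABELS:
            result["discloses"].append("function=" + token)
    return result


def review(fqdns):
    """Group an inventory by what the rename project would need to look at."""
    report = {"nonconforming": [], "function_named": [], "dmz_named": []}
    for fqdn in fqdns:
        r = audit(fqdn)
        if not r["conforms"]:
            report["nonconforming"].append(r["host"])
        if any(d.startswith("function=") for d in r["discloses"]):
            report["function_named"].append(r["host"])
        if "placement=dmz" in r["discloses"]:
            report["dmz_named"].append(r["host"])
    return report


# Constructed inventory; foo.com is the placeholder domain used in the thread.
SAMPLE = ["firewall.foo.com", "gw1.foo.com", "FISDMZ01.foo.com",
          "hrdprd07.foo.com", "mail.foo.com"]

if __name__ == "__main__":
    print(review(SAMPLE))
```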






