Educause Security Discussion mailing list archives

Re: Server naming conventions

From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Thu, 11 Feb 2010 09:00:32 +1300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

been there and done that a dozen times :)

My take (from a security perspective) is that if you are relying on crackers not being able to figure out what the 
machine does because it has an 'anonymous' name then the game is already over (and you lost ;).  OK this is an over 
statement but you get the idea.

I tell our folk "use what works best for you in your day to day work".

Our servers are now named to link them with owners, services and level (dev, tst, prd).  

examples:

esgssoprd01.its.auckland.ac.nz
esgssoprd02.its.auckland.ac.nz

esg - Enterprise Systems Group (who own the boxes)
sso  - single sign on (service)
prd - Production
nn -- sever instance


We moved to this convention about a year ago and the admins like it.  It isnt as much fun as the old system (our 4 
outbound mail servers are named for the Marx Brothers and the 3 inbound server named for the 3 stooges) but it is a lot 
easier to learn and less error prone.  We have had the wrong systems patched before today :)

It also means that when I see stuff in the IDS I don't have to think "Pavo, hmm... is that the oracle box or ...."

R

On 11/02/2010, at 8:17 AM, Woodruff, Daniel wrote:

What kinds of naming conventions do everyone follow when building new servers?
 
Currently, our Windows hosts are named following the pattern ‘its-w2ks#’ or similar, where the # is the next in the 
sequence, and the names are published in DNS. What are the potential drawbacks or using a scheme like this? Do you 
think it is any better or worse from a security perspective than using something like ‘its-oracle-1’ which has the 
service right in the name? We’re concerned about disclosing the purpose of the machine via its name, and are trying 
to get an idea of what other schools do for their machines. Thanks in advance.
 
Dan Woodruff
University IT Security and Policy
University of Rochester


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAktzEGAACgkQSpVpSn7mj4ykkwCfXr5ygumej4vVkdvNttyulgdt
QIEAnjoLouBR9giwUZ9LQ48amMbbyTCR
=rdP/
-----END PGP SIGNATURE-----

Current thread:

Server naming conventions Woodruff, Daniel (Feb 10)
- <Possible follow-ups>
- Re: Server naming conventions Matthew Gracie (Feb 10)
- Re: Server naming conventions Kevin Kelly (Feb 10)
- Re: Server naming conventions Russell Fulton (Feb 10)
- Re: Server naming conventions Sauvigne, Craig M (Feb 10)
- Re: Server naming conventions Parker, Ron (Feb 10)
- Re: Server naming conventions Pete Hickey (Feb 10)
- Re: Server naming conventions Greg Francis (Feb 10)
- Re: Server naming conventions John Kristoff (Feb 10)
- Re: Server naming conventions Perloff, Jim (Feb 10)
- Re: Server naming conventions Jones, Dan (Feb 10)
- Re: Server naming conventions Stanclift, Michael (Feb 10)
- Re: Server naming conventions Bruce Carter (Feb 10)
- Re: Server naming conventions Ken Connelly (Feb 10)

(Thread continues...)