Re: Server naming conventions

[Chris Bennett <bennetc () LCC EDU>]

> From Lansing Michigan of course almost all of our servers are named after cars.  Luckily we have a lot of car names to 
> choose from as we get new model names each year.  We do have a Prius, but it did not show up in the recall.  We never 
> hit the brakes anyway.  We also are the LCC Stars, so we have some star names from years ago.  

 

Chris Bennett, GSNA, GSEC

Director of Information Security

Lansing Community College

517-483-5264 (O)  517-483-1758 (F)

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Stucky, 
David
Sent: Thursday, February 11, 2010 10:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Server naming conventions

 

I guess I will chime in about server names.  I had a group of servers that where named after things found in a garden.  
One of them was originally named "weed" without too much thought put into it.  I renamed that server before it was put 
into production.

 

I also named a  server "crystal" once as a reference to using a crystal ball to see into the future.  One co-worker 
kept asking me if it was the name of old girlfriend, even though I kept explaining to them it was chosen very loosely 
based on what the application was being used for; future optimization of scheduling/utilization for resources.  I now 
think a little more about how I name servers.  

 

I also named another group of servers after the Noble Gases (low chemical reactivity) from the Periodic Table of 
Elements.  Actually there are several groupings of elements in the table with a number of names.  The six noble gases 
gave me just enough names with a couple extra for future growth.  Imagine using a periodic table of elements as part of 
your network documentation.

 

These were all internal names; not necessarily the names the users knew their applications by.

 

Thanks.

 

David Stucky, CISSP, GSEC

Systems Security Analyst

Office of Human Resources

The Pennsylvania State University

503 James M. Elliott Building

University Park, PA 16802

Office: 814-865-4049

E-mail: dys5 () psu edu

http://www.ohr.psu.edu

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sherry 
Horeanopoulos
Sent: Thursday, February 11, 2010 8:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Server naming conventions

 

Thank you all - you have provided me and my officemates with a sidesplitting morning.  I'd give my cashew stash to be a 
part of the .nuts network!

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Woodruff, Daniel
Sent: Thursday, February 11, 2010 8:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Server naming conventions

 

This has been a fantastic thread, thanks for all the input and creative naming scheme ideas. 

 

With new servers hosted by University IT here, the Windows Systems group has settled on the 'its-service-p##' type 
style, where 'p' stands for production, 't' would be test, etc. It seems some other institutions do similar and even 
add more information such as location, and you brought up a good point about a nmap scan can easily enumerate the 
services on a box, so I feel more comfortable with that now. And segmenting DNS into different zones is a great idea 
too.

 

Thanks,

 

Dan Woodruff

University IT Security and Policy

University of Rochester

 

 

Woodruff, Daniel wrote:
> What kinds of naming conventions do everyone follow when building new
> servers?
>
>  
>
> Currently, our Windows hosts are named following the pattern 'its-w2ks#'
> or similar, where the # is the next in the sequence, and the names are
> published in DNS. What are the potential drawbacks or using a scheme
> like this? Do you think it is any better or worse from a security
> perspective than using something like 'its-oracle-1' which has the
> service right in the name? We're concerned about disclosing the purpose
> of the machine via its name, and are trying to get an idea of what other
> schools do for their machines. Thanks in advance.
 
For some servers, which are for internal ITS use only, there is really
no naming convention in place. Mythological figures and horrible puns
tend to be the norm.
 
For user-facing servers, the DNS name generally reflects the purpose or
service of the server. For example, our domain controllers are named
"ad-canisius" and "ad-canisius2", our Exchange mail stores are "store01"
and "store02", etc. There's probably a slight risk of revealing
information by putting a service right in the name, but frankly, it's no
more information than a simple nmap fingerprinting scan would be likely
to provide.
 
-- 
Matt Gracie                        (716) 888-8378
Information Security Administrator  [log in to unmask] 
<http://listserv.educause.edu/cgi-bin/wa.exe?LOGON=A2%3Dind1002%26L%3DSECURITY%26D%3D0%26P%3D45691> 
Canisius College ITS               Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg <http://www2.canisius.edu/%7Egraciem/graciem_public_key.gpg>