Educause Security Discussion mailing list archives

Re: Server naming conventions


From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Wed, 10 Feb 2010 14:40:34 -0500

Woodruff, Daniel wrote:
What kinds of naming conventions does everyone follow when building new
servers?

Currently, our Windows hosts are named following the pattern ‘its-w2ks#’
or similar, where the # is the next in the sequence, and the names are
published in DNS. What are the potential drawbacks of using a scheme
like this? Do you think it is any better or worse from a security
perspective than using something like ‘its-oracle-1’ which has the
service right in the name? We’re concerned about disclosing the purpose
of the machine via its name, and are trying to get an idea of what other
schools do for their machines. Thanks in advance.

For some servers, which are for internal ITS use only, there is really
no naming convention in place. Mythological figures and horrible puns
tend to be the norm.

For user-facing servers, the DNS name generally reflects the purpose or
service of the server. For example, our domain controllers are named
"ad-canisius" and "ad-canisius2", our Exchange mail stores are "store01"
and "store02", etc. There's probably a slight risk of revealing
information by putting a service right in the name, but frankly, it's no
more information than a simple nmap fingerprinting scan would be likely
to provide.

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg        
