Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Server naming conventions

From: Sherry Horeanopoulos <sah () FSC EDU>
Date: Thu, 11 Feb 2010 08:51:58 -0500
Thank you all - you have provided me and my officemates with a sidesplitting morning.  I'd give my cashew stash to be a 
part of the .nuts network!

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Woodruff, Daniel
Sent: Thursday, February 11, 2010 8:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Server naming conventions

This has been a fantastic thread, thanks for all the input and creative naming scheme ideas.

With new servers hosted by University IT here, the Windows Systems group has settled on the 'its-service-p##' type 
style, where 'p' stands for production, 't' would be test, etc. It seems some other institutions do similar and even 
add more information such as location, and you brought up a good point about a nmap scan can easily enumerate the 
services on a box, so I feel more comfortable with that now. And segmenting DNS into different zones is a great idea 
too.

Thanks,

Dan Woodruff
University IT Security and Policy
University of Rochester



Woodruff, Daniel wrote:


What kinds of naming conventions do everyone follow when building new



servers?















Currently, our Windows hosts are named following the pattern 'its-w2ks#'



or similar, where the # is the next in the sequence, and the names are



published in DNS. What are the potential drawbacks or using a scheme



like this? Do you think it is any better or worse from a security



perspective than using something like 'its-oracle-1' which has the



service right in the name? We're concerned about disclosing the purpose



of the machine via its name, and are trying to get an idea of what other



schools do for their machines. Thanks in advance.




For some servers, which are for internal ITS use only, there is really

no naming convention in place. Mythological figures and horrible puns

tend to be the norm.



For user-facing servers, the DNS name generally reflects the purpose or

service of the server. For example, our domain controllers are named

"ad-canisius" and "ad-canisius2", our Exchange mail stores are "store01"

and "store02", etc. There's probably a slight risk of revealing

information by putting a service right in the name, but frankly, it's no

more information than a simple nmap fingerprinting scan would be likely

to provide.



--

Matt Gracie                        (716) 888-8378

Information Security Administrator  [log in to 
unmask]<http://listserv.educause.edu/cgi-bin/wa.exe?LOGON=A2%3Dind1002%26L%3DSECURITY%26D%3D0%26P%3D45691>

Canisius College ITS               Buffalo, NY

http://www2.canisius.edu/~graciem/graciem_public_key.gpg<http://www2.canisius.edu/%7Egraciem/graciem_public_key.gpg>
Previous By Date Next
Previous By Thread Next

Current thread: