Firewall Wizards mailing list archives
Re: DNS Names for external services
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 13 Apr 2010 15:19:09 -0400 (EDT)
On Tue, 13 Apr 2010, Behm, Jeff wrote:
> Just curious, what are your opinions of the security vs. ease of use trade-offs on putting DNS entries in (vs. making people know/use an IP address) for services you expose to the Internet.
I've said this for years, but it bears repeating: Obscurity reduces the incidence of attack, not the success rate.
> For example,
>
> webmail.companynamehere.com for your webmail service
> www.companynamehere.com for your web site
>
> The two above are typically common and don't cause me much concern. What about this next one?
>
> vpn.companynamehere.com for your employees to access your company's VPN server
>
> It's this last one that really begs the question. Should I just as well use the name "attackmehere.companynamehere.com" rather than vpn.companynamehere.com.
>
> I searched around on the Internet, but couldn't really find pros and cons... Just looking for opinions. There are no "right" answers ;-)
What's a bigger burden, your support costs or your security costs? If your VPN is attackable, because of weak userid-passwords or other flaws, it'll be attacked sooner or later- if you've done your job, then flaws won't be exploitable and the name doesn't matter- if you've done a poor implementation or selection job, then all you're doing by hiding is postponing the inevitable.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
Moderator: Firewall-Wizards mailing list
Art: http://PaulDRobertson.imagekind.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards