Educause Security Discussion mailing list archives
Re: Server naming conventions
From: "Parker, Ron" <Ron.Parker () BRAZOSPORT EDU>
Date: Wed, 10 Feb 2010 14:12:21 -0600
I'm not sure I should admit to this but virtually (pun intended) every server we have is named after a town in Texas. My staff comes up with the names when they build a new server. Bonus points are given if the name relates somehow to the primary purpose of the server. For example, we have Exchange servers named Post, Franklin, etc. One of our DNS servers is named Uncertain (yep, Uncertain, Texas, Google it). A web-based survey server is Ponder. Security related servers include Ranger, Alamo, Marshall, Jericho, etc. My staff is very creative. It really helps to have names that are easier to relate to, for us, than Server1, Server2, etc. We did that years ago and it got confusing very quickly. With 55+ servers, the current method works much better. Most of these names are not seen in external DNS. Our external DNS will simply return a generic reverse-lookup for those IPs that don't have a public-facing purpose. Obviously we also use DNS aliases I agree with someone else that posted that these days people will just Nmap servers to see what they do. The name probably isn't that much help. However, even knowing the actual server names, I doubt that most people would figure out our naming scheme unless they read this list. I'm sure this is not considered best practices but it seems rather low on the risk list. If someone has data showing actual, recent (not from 1982) cases where the server name was the first clue a hacker used to compromise a server, I'd be interested in seeing it. -- Ron Parker, Director of Information Technology, Brazosport College Voice: (979) 230-3480 FAX: (979) 230-3111 http://www.brazosport.edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Woodruff, Daniel Sent: Wednesday, February 10, 2010 1:17 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Server naming conventions What kinds of naming conventions do everyone follow when building new servers? Currently, our Windows hosts are named following the pattern 'its-w2ks#' or similar, where the # is the next in the sequence, and the names are published in DNS. What are the potential drawbacks or using a scheme like this? Do you think it is any better or worse from a security perspective than using something like 'its-oracle-1' which has the service right in the name? We're concerned about disclosing the purpose of the machine via its name, and are trying to get an idea of what other schools do for their machines. Thanks in advance. Dan Woodruff University IT Security and Policy University of Rochester
Current thread:
- Server naming conventions Woodruff, Daniel (Feb 10)
- <Possible follow-ups>
- Re: Server naming conventions Matthew Gracie (Feb 10)
- Re: Server naming conventions Kevin Kelly (Feb 10)
- Re: Server naming conventions Russell Fulton (Feb 10)
- Re: Server naming conventions Sauvigne, Craig M (Feb 10)
- Re: Server naming conventions Parker, Ron (Feb 10)
- Re: Server naming conventions Pete Hickey (Feb 10)
- Re: Server naming conventions Greg Francis (Feb 10)
- Re: Server naming conventions John Kristoff (Feb 10)
- Re: Server naming conventions Perloff, Jim (Feb 10)
- Re: Server naming conventions Jones, Dan (Feb 10)
- Re: Server naming conventions Stanclift, Michael (Feb 10)
- Re: Server naming conventions Bruce Carter (Feb 10)
- Re: Server naming conventions Ken Connelly (Feb 10)
- Re: Server naming conventions Bob Kalal (Feb 10)
- Re: Server naming conventions Cal Frye (Feb 10)
(Thread continues...)