Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Server naming conventions

From: "McCrary, Barbara" <bmccrary () OGSLP ORG>
Date: Thu, 11 Feb 2010 15:10:21 -0600
We only use the names of classical composers at one site and I'm always
hoping that more are named after girl composers.  Still we only have two
girls.  Other sites, greek gods, greek alphabet, guns, explorers, movie
monsters and in one rare case, after a cherished leader at his
retirement.  Often, the names and the groups do help determine the age,
location, purpose and even OS of the server. We want the name to meet
our stability and production expectations, so no weeds, wacko or trouble
allowed.  This has been fun:)
 
I think the nuts scheme was my favorite so far! 
 
Barbara McCrary
Chief Information Security Officer
MCSE, MCSE:Security, +Messaging, CompTia:Security+ 

bmccrary () ogslp org <mailto:bmccrary () ogslp org>  

Oklahoma State Regents for Higher Education
421 NW 13th, Ste 250
Oklahoma City, OK  73103
405 234.4316 office
405 234.4321 cell
405 234.4588 fax 

Note:  This communication and attachments, if any, are intended solely
for the use of the addressee hereof.  In addition, this information and
attachments, if any, may contain information that is confidential,
privileged and exempt from disclosure under applicable law, including,
but not limited to, the Privacy Act of 1974.  If you are not the
intended recipient of this information, you are prohibited from reading,
disclosing, reproducing, distributing, disseminating, or otherwise using
this information.  If you have received this message in error, please
promptly notify the sender and immediately, delete this communication
from your system.

 

________________________________

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Bennett
Sent: Thursday, February 11, 2010 2:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Server naming conventions




From Lansing Michigan of course almost all of our servers are named

after cars.  Luckily we have a lot of car names to choose from as we get
new model names each year.  We do have a Prius, but it did not show up
in the recall.  We never hit the brakes anyway.  We also are the LCC
Stars, so we have some star names from years ago.  

 

Chris Bennett, GSNA, GSEC

Director of Information Security

Lansing Community College

517-483-5264 (O)  517-483-1758 (F)

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Stucky, David
Sent: Thursday, February 11, 2010 10:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Server naming conventions

 

I guess I will chime in about server names.  I had a group of servers
that where named after things found in a garden.  One of them was
originally named "weed" without too much thought put into it.  I renamed
that server before it was put into production.

 

I also named a  server "crystal" once as a reference to using a crystal
ball to see into the future.  One co-worker kept asking me if it was the
name of old girlfriend, even though I kept explaining to them it was
chosen very loosely based on what the application was being used for;
future optimization of scheduling/utilization for resources.  I now
think a little more about how I name servers.  

 

I also named another group of servers after the Noble Gases (low
chemical reactivity) from the Periodic Table of Elements.  Actually
there are several groupings of elements in the table with a number of
names.  The six noble gases gave me just enough names with a couple
extra for future growth.  Imagine using a periodic table of elements as
part of your network documentation.

 

These were all internal names; not necessarily the names the users knew
their applications by.

 

Thanks...

 

David Stucky, CISSP, GSEC

Systems Security Analyst

Office of Human Resources

The Pennsylvania State University

503 James M. Elliott Building

University Park, PA 16802

Office: 814-865-4049

E-mail: dys5 () psu edu

http://www.ohr.psu.edu

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sherry
Horeanopoulos
Sent: Thursday, February 11, 2010 8:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Server naming conventions

 

Thank you all - you have provided me and my officemates with a
sidesplitting morning.  I'd give my cashew stash to be a part of the
.nuts network!

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Woodruff, Daniel
Sent: Thursday, February 11, 2010 8:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Server naming conventions

 

This has been a fantastic thread, thanks for all the input and creative
naming scheme ideas. 

 

With new servers hosted by University IT here, the Windows Systems group
has settled on the 'its-service-p##' type style, where 'p' stands for
production, 't' would be test, etc. It seems some other institutions do
similar and even add more information such as location, and you brought
up a good point about a nmap scan can easily enumerate the services on a
box, so I feel more comfortable with that now. And segmenting DNS into
different zones is a great idea too.

 

Thanks,

 

Dan Woodruff

University IT Security and Policy

University of Rochester

 

 

Woodruff, Daniel wrote:

What kinds of naming conventions do everyone follow when building new
servers?

 

Currently, our Windows hosts are named following the pattern

'its-w2ks#'

or similar, where the # is the next in the sequence, and the names are
published in DNS. What are the potential drawbacks or using a scheme
like this? Do you think it is any better or worse from a security
perspective than using something like 'its-oracle-1' which has the
service right in the name? We're concerned about disclosing the

purpose

of the machine via its name, and are trying to get an idea of what

other

schools do for their machines. Thanks in advance.

 
For some servers, which are for internal ITS use only, there is really
no naming convention in place. Mythological figures and horrible puns
tend to be the norm.
 
For user-facing servers, the DNS name generally reflects the purpose or
service of the server. For example, our domain controllers are named
"ad-canisius" and "ad-canisius2", our Exchange mail stores are "store01"
and "store02", etc. There's probably a slight risk of revealing
information by putting a service right in the name, but frankly, it's no
more information than a simple nmap fingerprinting scan would be likely
to provide.
 
-- 
Matt Gracie                        (716) 888-8378
Information Security Administrator  [log in to unmask]
<http://listserv.educause.edu/cgi-bin/wa.exe?LOGON=A2%3Dind1002%26L%3DSE
CURITY%26D%3D0%26P%3D45691> 
Canisius College ITS               Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg
<http://www2.canisius.edu/%7Egraciem/graciem_public_key.gpg>
Previous By Date Next
Previous By Thread Next

Current thread: