Educause Security Discussion mailing list archives

Re: Server naming conventions


From: Greg Schaffer <schaffer () MTSU EDU>
Date: Thu, 11 Feb 2010 15:43:02 -0600

I have to chime in on this thread although I've resisted doing so until now.
During the 90's I worked at a hospital.  The network had three core routers
named Larry, Curly, and Moe.  One of my coworkers (no it was not me) was
tasked with creating a new subnet on an interface.  Shortly after he saved
the configuration our network management station began screaming because the
entire surgical subnet was down.  What he had done was create the new subnet
on a different router on the interface designated for surgery.  Fortunately
in 1997 the network didn't have many telemedicine apps so it was more of an
inconvenience than anything.  The engineer was confused about the router he
was on because of the name, apparently, and suggested a clearer naming
convention was in order.  Yes, I know that there were other things he should
have checked and change management processes were inadequate, and I am not
making excuses for him. Still, today core routers/L3 switches in our network
are named based on location per my directive, remembering that one incident.




Greg



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Bennett
Sent: Thursday, February 11, 2010 2:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Server naming conventions



From Lansing, Michigan, of course, almost all of our servers are named after
cars.  Luckily we have a lot of car names to choose from as we get new model
names each year.  We do have a Prius, but it did not show up in the recall.
We never hit the brakes anyway.  We also are the LCC Stars, so we have some
star names from years ago.



Chris Bennett, GSNA, GSEC

Director of Information Security

Lansing Community College

517-483-5264 (O)  517-483-1758 (F)



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Stucky, David
Sent: Thursday, February 11, 2010 10:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Server naming conventions



I guess I will chime in about server names.  I had a group of servers that
were named after things found in a garden.  One of them was originally
named "weed" without too much thought put into it.  I renamed that server
before it was put into production.



I also named a server "crystal" once as a reference to using a crystal ball
to see into the future.  One co-worker kept asking me if it was the name of
an old girlfriend, even though I kept explaining to them it was chosen very
loosely based on what the application was being used for: future
optimization of scheduling/utilization for resources.  I now think a little
more about how I name servers.



I also named another group of servers after the Noble Gases (low chemical
reactivity) from the Periodic Table of Elements.  Actually there are several
groupings of elements in the table with a number of names.  The six noble
gases gave me just enough names with a couple extra for future growth.
Imagine using a periodic table of elements as part of your network
documentation.



These were all internal names; not necessarily the names the users knew
their applications by.



Thanks.



David Stucky, CISSP, GSEC

Systems Security Analyst

Office of Human Resources

The Pennsylvania State University

503 James M. Elliott Building

University Park, PA 16802

Office: 814-865-4049

E-mail: dys5 () psu edu

http://www.ohr.psu.edu



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sherry Horeanopoulos
Sent: Thursday, February 11, 2010 8:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Server naming conventions



Thank you all - you have provided me and my officemates with a sidesplitting
morning.  I'd give my cashew stash to be a part of the .nuts network!



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Woodruff, Daniel
Sent: Thursday, February 11, 2010 8:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Server naming conventions



This has been a fantastic thread, thanks for all the input and creative
naming scheme ideas.



With new servers hosted by University IT here, the Windows Systems group has
settled on the 'its-service-p##' type style, where 'p' stands for
production, 't' would be test, etc. It seems some other institutions do
similar and even add more information such as location, and you brought up a
good point that an nmap scan can easily enumerate the services on a box, so
I feel more comfortable with that now. And segmenting DNS into different
zones is a great idea too.



Thanks,



Dan Woodruff

University IT Security and Policy

University of Rochester





Woodruff, Daniel wrote:
What kinds of naming conventions does everyone follow when building new
servers?



Currently, our Windows hosts are named following the pattern 'its-w2ks#'
or similar, where the # is the next in the sequence, and the names are
published in DNS. What are the potential drawbacks of using a scheme
like this? Do you think it is any better or worse from a security
perspective than using something like 'its-oracle-1' which has the
service right in the name? We're concerned about disclosing the purpose
of the machine via its name, and are trying to get an idea of what other
schools do for their machines. Thanks in advance.

For some servers, which are for internal ITS use only, there is really
no naming convention in place. Mythological figures and horrible puns
tend to be the norm.

For user-facing servers, the DNS name generally reflects the purpose or
service of the server. For example, our domain controllers are named
"ad-canisius" and "ad-canisius2", our Exchange mail stores are "store01"
and "store02", etc. There's probably a slight risk of revealing
information by putting a service right in the name, but frankly, it's no
more information than a simple nmap fingerprinting scan would be likely
to provide.

--
Matt Gracie                        (716) 888-8378
Information Security Administrator
Canisius College ITS               Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg



