Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DNS Names for external services

From: "Bruce B. Platt" <bruce () ei3 com>
Date: Tue, 13 Apr 2010 17:30:07 -0400

Among other things, Paul said:

Snip ...


What's a bigger burden, your support costs or your security costs?  If 
your VPN is attackable, because of weak userid-passwords or other flaws, 
it'll be attacked sooner or later- if you've done your job, then flaws 
won't be exploitable and the name doesn't matter- if you've done a poor 
implementation or selection job, then all you're doing by hiding is 
postponing the inevitable.

Paul

...

I agree. I also support using non eponymous names.  Rather than
vpnserver.company.com, something like bart.company.com can be remembered,
but does not immediately tell anyone what the machine might do.  So a little
obscurity may help.

Or, make the server as impregnable as possible first, Then give it a name
people can remember, then watch to see if people try to bust in or
compromise it.

Bruce



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: