Re: Should FW have DNS name?

I think even something like 'goaway.domain.com' isn't necessarily good, 
since in an effort to hide what it is, you've still told them it's 
something they want to play with.  I'd just list it by IP, like this:
If the IP address is 1.1.1.1, just call it 1-1-1-1-static.domain.com or 
something along those lines.  You can still identify it, call it by name, 
and you haven't revealed anything other than it being a route hop.

Now if the only reason to even have that there is for administration 
purposes, chances are you are only managing the firewall from one or two 
hosts anyway.  So just edit the hosts files on those respective systems 
with something like 'fwall   1.1.1.1' and you can get the ease of not 
having to type or even remember the IP address, without leaking any 
information to the world.

You just need to analyze WHY you want to have it resolve, and figure out 
the most secure way to accomplish that.

- Ralph

On Fri, 9 Jun 2006, Bob Radvanovsky wrote:

> I would make it non-descfript like "goaway" for the host name.  if you get 
> annoyed easily, use something with stronger language. ;))
> DO NOT use a name to describe the firewall, such as "sonic" for a SonicWALL, or "cp" or 
> "cp1" for a CheckPoint FW.  That would be foolish.
>
> -r
>
> ----- Original Message -----
> From: Bill Smith [mailto:vinet138@yahoo.com]
> To: Firewall@SecuriryFocus [mailto:firewalls@securityfocus.com], 
> fwbuilder-discussion@lists.sourceforge.net
> Subject: Should FW have DNS name?
>
>
> >    Hi Folks,
> >
> > Should FW has DNS name?
> > If it does, what is the implication?
> >
> > Plz comment.
> >
> > Bill