
RE: Server Naming Conventions

Subject: RE: Server Naming Conventions
Date: Thu, 20 Dec 2007 14:42:10 -0600
I sort of like to use toons or mythological characters with their pictures as
the wallpaper so that when you are using a KVM or other remote scheme you
know the server by the background picture.  Sequential naming conventions
are very boring and lack any sort of imagination. 

Earl 

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of crazy frog crazy frog
Sent: Friday, December 14, 2007 12:58 PM
To: krymson@gmail.com
Cc: security-basics@securityfocus.com
Subject: Re: Server Naming Conventions

mogli,mario,contra etc............

On 12 Dec 2007 18:50:15 -0000,  <krymson@gmail.com> wrote:
I can't cite any references (basically I only do the research when I
really want to!), but I imagine you will find references that suggest (or
require) naming systems in a way that does not reveal their use. Naming an
IIS 5 Web Server something like WEBSIIS5 would be a bad practice, in theory.


In reality, I think most shops name systems how they want, since finding
out services, uses, and system OS levels can be fairly trivial and done in
many ways. Still, making an attacker work and possibly make false
assumptions has minor value to some. I think anyone that has done any black
box service/server recon will have made an error in judgement at one time or
another.


I'd break server naming into three groups:


1) Random names, or even names of random stuff. HanSolo, Luke, Jupiter,
Mercury, Zeus, MilkyWay, Larry, Curly, Moe, REGEHSJE, GSDFOHE, XKCD... This
is a fun way, keeps the systems fairly hidden with the tradeoff that you
better know which system does what, and new staff will take time to figure
it out. Names that mean something, like Mercury, are a step in the "better"
direction, as opposed to DFSDRLJH.


2) Random, but predictable names that you track. This is a great tack for
workstations, and can be used for servers as well. SERVER001, SERVER002,
SERVER003... You'll have to track in inventory what each does, however, and
can become confusing. But in this way the systems have standard names and do
not give away their use.


3) Predictable names that reflect their use. CompanyDC01, CompanyDNS02,
CompanyFS23 could be names for a domain controller, DNS server, and file
server, respectively. I've found most companies do this, even if they give
away the server use to any curious parties.



<- snip ->


I'd like to see if anyone has any information on system naming
conventions, best practices, NIST, DISA, etc....

Are there any US GOV requirements on how systems/servers should or
should NOT be named?




--
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com
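
The three naming groups described in the thread can be checked against a host inventory. The following is an added example, not code from any poster in the thread: it sorts hostnames into those groups and reports which role token a name gives away. The token lists and the `classify`/`audit` names are assumptions made for illustration, and the sample inventory is built from the names quoted in the post.

```python
# Added example: sort hostnames into the three groups from the post.
# ROLE_TOKENS and GENERIC_STEMS are constructed assumptions, not a standard;
# extend them to match the abbreviations used in your own estate.
ROLE_TOKENS = ("DC", "DNS", "FS", "WEB", "IIS", "SQL", "MAIL")
GENERIC_STEMS = ("SERVER", "SRV", "HOST", "WKS")


def classify(hostname):
    """Return (group, leaked_token) for a single hostname."""
    name = hostname.upper()
    stem = name.rstrip("0123456789")      # part before any trailing number
    numbered = len(stem) < len(name)
    if numbered and stem in GENERIC_STEMS:
        return ("sequential", None)       # group 2: SERVER001, SERVER002, ...
    if numbered:
        # Longest token first so a longer abbreviation wins over a shorter one.
        for token in sorted(ROLE_TOKENS, key=len, reverse=True):
            if stem.endswith(token):
                return ("role-revealing", token)   # group 3: CompanyDC01
    return ("arbitrary", None)            # group 1: Zeus, XKCD, ...


def audit(inventory):
    """Group an inventory so role-revealing names can be reviewed together."""
    report = {"arbitrary": [], "sequential": [], "role-revealing": []}
    for host in inventory:
        group, token = classify(host)
        report[group].append((host, token))
    return report


# Constructed sample inventory using the names quoted in the post.
SAMPLE = ["HanSolo", "Mercury", "XKCD", "SERVER001", "SERVER002",
          "CompanyDC01", "CompanyDNS02", "CompanyFS23", "WEBSIIS5"]

if __name__ == "__main__":
    for group, hosts in audit(SAMPLE).items():
        print(group)
        for host, token in hosts:
            note = f"  (discloses: {token})" if token else ""
            print(f"  {host}{note}")
```

Names that land in the "sequential" or "arbitrary" groups still need an inventory record of what each system does, as the post points out.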

