Stupid naming convention
Comments
-
forkvoid
Member Posts: 317
veritas_libertas wrote: »I wasn't really referring to the, "oh I use star-trek, etc." I was more referring to I use asset tag + this to equal a specific asset. That would be highly useful for me if I wanted to find infiltrate a corporation. Much less has been used to do that. Granted I would also need to know who you are plus where you work.
I figured that was your line of thinking... I left mine void of exact names for that reason. I don't think anyone so far has given away too much information.The beginning of knowledge is understanding how little you actually know. -
tiersten
Member Posts: 4,505
Ehh. It really isn't difficult to find this information yourself if you've got access to the network. At most you've just saving the attacker a few minutes work from dumping info from the DC or DNS. You can make it harder by not giving anything a name but you've just made administration and actual usage considerably harder.veritas_libertas wrote: »I wasn't really referring to the, "oh I use star-trek, etc." I was more referring to I use asset tag + this to equal a specific asset. That would be highly useful for me if I wanted to find infiltrate a corporation. Much less has been used to do that. Granted I would also need to know who you are plus where you work.
Of course, if you name your servers SQL-PAYMENTS-BUSINESS-CRITICAL-NO-PWNING-PLZ.example.com then its your own fault for pointing out what servers are important :P
You're not getting anything particularly secret by me telling you the naming scheme at work. It'd take you about 5 seconds to work it out if you had access.
What does give you way too much information is if you can get access to the company directory in Exchange or whatever. Generally that has everybodies name, position, telephone, email and sometimes room. That information is way more valuable than the naming scheme used for the network. -
qcomer
Member Posts: 142
MentholMoose wrote: »One of my previous jobs had something like this... when I was hired, literally none of the machine names were still accurate!
People switch desks, change departments, swap computers, etc., it was just a mess trying to update the names and departments all the time, so I just eliminated that stuff.
I standardized it to include location (city), operating system (2k or xp at the time), and a machine ID number, and stuck a label on all the machines as time permitted so that someone being helped remotely could read the label.
Thats when you have a policy that staff is isnt allowed to move anything, or there is a price to pay
lol.
It makes it easier since we have different GPs and stuff. -
forkvoid
Member Posts: 317
Thats when you have a policy that staff is isnt allowed to move anything
We have a policy like that... it doesn't stop them. They just don't tell us. Eventually it causes a name conflict or we can't connect to them because their machine name is wrong. Users = the bane of IT
Too bad they are also the reason for IT.The beginning of knowledge is understanding how little you actually know. -
crrussell3
Member Posts: 561
We currently use the username for the hostname of a pc at my new job, and I can't stand it. There are so many xxx1, xxx01, xxx2, etc that it defeats the purpose of what they were trying to achieve. I am trying to convince them to change their naming convention, but no luck yet. I even suggested using bginfo which I have used at every other job, but again no luck.
As previous job used a 3 letter abbreviation of the department plus the serial number of the machine. This made things unique and easy, coupled with bginfo tech support had no issues. The only problem we had was from lazy techs who would swap hdds from ready imaged machines to another machine and not change the hostname, so there were so issues after awhile.MCTS: Windows Vista, Configuration
MCTS: Windows WS08 Active Directory, Configuration -
mikedisd2
Member Posts: 1,096 ■■■■■□□□□□
HeroPsycho wrote: »Devil's advocate: you could argue it's better for security this way because their name doesn't give away what the server's function is and what data it stores.
I would dare argue that the security issue there isn't that the server role is revealed, but that someone has gotten in to see the servers in the first instance. -
astorrs
Member Posts: 3,139 ■■■■■■□□□□
I have to go with HeroPsycho here, minimum required information please. This is especially true in a shared hosted environment (cage in a leased data center for example - in such an environment I recommend absolutely nothing to indicate the company name or anything other than the NetBIOS name of the equipment, no IP addresses, no logos on asset tags, etc).I would dare argue that the security issue there isn't that the server role is revealed, but that someone has gotten in to see the servers in the first instance.
I'm a fan of something along the lines of some form of location identifier followed by a type identifier then a unique number, e.g.:
EURCD12941 - which might be the 12,941st desktop issued in our European operations, I prefer not to reuse numbers during a hardware refresh
NAMCL01324 - which might be the 1,324th laptop issued in our North American operations
USORPORTSV042 - server #42 in Portland, OR
USORPORTPR015 - printer #15 in Portland, OR - list them in AD and have users find them that way
VANCSRV01 - server #1 in Vancouver
*Note, none of these are exactly based on any existing clients naming scheme, just a rough example of what I'm talking about.
