Naming Switches and Routers

datchcha Member Posts: 265
I wanted to know best practices with the idea of security in mind on naming switches and routers. Never really gave it much thought until now – I was onsite the other day, and noticed that someone labeled the switches and routers as if they were following a M$ whitepaper. Example: SW_#### and RO_####. I didn’t think this was a wise idea for the simple fact that you do not go around naming domain controllers DC_### or exchange servers EX_#### for security reasons.

Can anyone offer ideas or present valid reasons on naming conventions which work?

Thank you,
Dat
Arrakis

Comments

  • astorrs Member Posts: 3,139
    To me following a standard naming convention for all devices (servers, clients, printers, networking equipment, etc) has always been best practice. As far as security goes I only label devices with the name - no IP address or anything else, nor anything that could identify the company (since they may be hosted in a leased data center).

    Here is an example, based on - but not the same as - the one I usually use; it tells you where and what, but that's it:

    CAVANCSV014 - server in Vancouver
    CAEDMNNR001 - router in Edmonton
    USSEATNS003 - switch in Seattle
    USCD32509 - client desktop in the US
  • dynamik Banned Posts: 12,312
    Naming conventions are important. If you do something unintelligible, you may end up losing track of important servers (obviously, I'm talking about larger organizations). An attacker will most likely just use some automated scanning tool that will identify which services are running on each device anyway. No one needs DNS names to compromise your systems, so there's no point in making things more difficult for yourself.

    I don't think there's a right or wrong way to go about naming things. Just decide on a standard method that allows you to keep track of what you have and use that consistently. Ideal naming conventions will likely vary from organization to organization.
  • tiersten Member Posts: 4,505
    We put the site, type of device (router, switch, server, etc.) and number. You can work out what a device is easily anyway, so it's not worth hiding the fact that 10.1.2.3 is a router and 10.1.2.4 is a switch in your DNS.
  • astorrs Member Posts: 3,139
    datchcha wrote:
    I didn’t think this was a wise idea for the simple fact that you do not go around naming domain controllers DC_### or exchange servers EX_#### for security reasons.
    Just a follow up. All my enterprise clients do exactly that. They identify Exchange, database, domain controllers, terminal servers, and a few other types in the naming of the server from standard file/print/application servers. None of them consider it a security risk; as others have said, there are easy ways to identify what is running and where without the need to look at DNS.
  • malcybood Member Posts: 900
    Some standard types of conventions I've seen are as follows, usually pretty standard at every client site I've been at, with slight variation:

    ADSL routers = 3bc-a_cincinati_01 (3bc company initials, a = adsl, cincinati, 01 = router 1 on site)
    MPLS routers = 3bc-m_cincinati_01 (3bc company initials, a = adsl, cincinati, 01 = router 1 on site)
    LAN switches = 3bc-sw_cincinati_01 (3bc company initials, sw = ethernet switch, cincinati, 01 = switch 1 on site)
    Servers = MCEDFS01 (MC = malcy computing, ed = location Edinburgh, FS = file server, 01 = file server 1)

    If more kit is added at site or a new location opens, just increment the number at the end or change the location.
  • datchcha Member Posts: 265
    Understand, never really thought of it that way. Thank all of you for the advice.


    thanks again.
    Cheers!!!!
    Arrakis
  • Rearden Member Posts: 222
    We do something like

    <location>-<model>-<index>

    If it's a switch with only one management interface, index is usually the last octet of its ip. This way when you ssh into it, you know what you're working with, where it is, and with index being part of the ip, you can tell if you're in the right one or not and avoid making "oops, I thought I was in that other device" type errors.

    Example:

    AmesB200-Switch3560G-1
    More systems have been wiped out by admins than any cracker could do in a lifetime.
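
Added example, not part of the post above or any poster's tooling: a small audit of an inventory against the `<location>-<model>-<index>` scheme, checking that the index equals the last octet of the management IP. The inventory, addresses and function name are constructed for illustration.

```python
import ipaddress
import re

# <location>-<model>-<index>, e.g. AmesB200-Switch3560G-1 (scheme from the post)
NAME_RE = re.compile(
    r"^(?P<location>[A-Za-z0-9]+)-(?P<model>[A-Za-z0-9]+)-(?P<index>\d{1,3})$"
)

# Constructed inventory: (hostname, management IP). All addresses are made up.
INVENTORY = [
    ("AmesB200-Switch3560G-1", "10.20.0.1"),
    ("AmesB200-Switch3560G-17", "10.20.0.17"),
    ("AmesB200-Switch3560G-18", "10.20.0.81"),  # transposed digits
    ("AmesB200_Switch3560G_19", "10.20.0.19"),  # wrong separator
    ("AmesB200-Switch3560G-17", "10.20.1.17"),  # name reused on another subnet
]


def audit(inventory):
    """Return (hostname, ip, reason) for every entry that breaks the scheme."""
    findings = []
    seen = {}  # hostname -> first management IP recorded for it
    for host, ip in inventory:
        m = NAME_RE.match(host)
        if not m:
            findings.append(
                (host, ip, "name does not match <location>-<model>-<index>"))
            continue
        last_octet = ipaddress.IPv4Address(ip).packed[-1]
        if int(m["index"]) != last_octet:
            findings.append(
                (host, ip, f"index {m['index']} != last octet {last_octet}"))
        if host in seen and seen[host] != ip:
            findings.append((host, ip, f"name already used by {seen[host]}"))
        seen.setdefault(host, ip)
    return findings


if __name__ == "__main__":
    for host, ip, reason in audit(INVENTORY):
        print(f"{host:28} {ip:12} {reason}")
```

The last constructed entry passes the index check but collides with an existing name, which is the "I thought I was in that other device" case the index alone does not catch.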
  • Forsaken_GA Member Posts: 4,024
    I actually give everything two names in DNS.

    The first name is the long descriptive one. Location, function, type of connection, etc. The kind of thing you normally see in between your home and Google if you do a traceroute.

    That stuff is great for providing information in a hurry, especially when you're troubleshooting.

    When you have to type out those hostnames on a daily basis, it is *really* *BEEP*ing annoying. One typo, or if you get mixed up and screw some numbers up and the number you used instead of the right one actually exists and you don't realize it until your NMS starts paging you to let you know that you screwed up, pretty much offsets the usefulness of the long hostname.

    So I use a secondary naming scheme, which is more thematic. I'm a huge George Martin fan, so I tend to do my naming conventions after things related to A Song of Ice and Fire. More specifically, I name routers after places, switches after houses, and servers after people. So instead of having to type out atl4-vl255-gige-01, I can just ssh to the hostname stark, and I'm in the right place.

    Descriptive naming conventions have their uses, but I'm also a firm believer in the concept of keep it simple. If your host name looks more like a serial number than a hostname, it might not be doing you much good.
  • Sanis4life Banned Posts: 60
    Best naming convention I've seen for a CAMPUS:


    Network_Building_Model_Type(Acc_Distro_Core)IP

    N_BldgXXXX_3750_Acc(4.xxx)

    Security be damned...
  • dtlokee Member Posts: 2,378
    Sanis4life wrote:
    Best naming convention I've seen for a CAMPUS:


    Network_Building_Model_Type(Acc_Distro_Core)IP

    N_BldgXXXX_3750_Acc(4.xxx)

    Security be damned...

    I don't really like using the type of device in the name; when you upgrade them you need to rename them or you end up with a 3750 that has "1900" in its name, which is an insult :)
    The only easy day was yesterday!
  • astorrs Member Posts: 3,139
    dtlokee wrote:
    Sanis4life wrote:
    Best naming convention I've seen for a CAMPUS:


    Network_Building_Model_Type(Acc_Distro_Core)IP

    N_BldgXXXX_3750_Acc(4.xxx)

    Security be damned...

    I don't really like using the type of device in the name; when you upgrade them you need to rename them or you end up with a 3750 that has "1900" in its name, which is an insult :)
    +1 dropping the _Model_ from the name would make it "future-proof" in my books. :D