topic Re: Host Names and Security in Operating System - HP-UX

Host Names and Security

Leo Sopicki_1 — Wed, 12 Apr 2000 08:52:01 GMT

Within my IT department, we are currently debating whether host names have any
impact on security. Position 1 says "Host names should neither indicate that
the host is a server (as in 'srv_main') nor its function (as in 'EXCHANGE').
Position 2 says, "We have a firewall and good passwords, the server names are
irrelevant."

How do other sites handle this?

Re: Host Names and Security

Jay Song_3 — Wed, 12 Apr 2000 10:07:21 GMT

A hacker can easily identify a hostname "SRV-HPOV" is running OpenView and it
contains RW community string for all your critical routers. This server will
become the target of attack. But if you name your openview server as something
like "hammer", it's gonna be harder to guess the purpose of this machine. You
got it?

Re: Host Names and Security

John_Hancock — Thu, 11 May 2000 06:54:41 GMT

In Scientific American last year there was a hyperthetical case study of a hacker attack on a supposedly "secure" business. This case study was based on the authors experience of a number of hack attacks. It is worth reading.

The conclusion is - never assume that you have a secure network. Always assume that there is someone who is dedicated to hacking your network.

I would choose non-descriptive names.
John

Re: Host Names and Security

Shannon Petry — Mon, 12 Feb 2001 18:05:57 GMT

If your network is Completely Closed, then names are irrelavent. In todays inter/intranet hostnames, IP's, and more information than you can imagine floats out of boxes via web pages and simple network traffic.
Especially in a MS box! You should see all the nice broadcast information NT sends out one day! "Sniff your own network for a week!"

Anyway, I agree that a host called "hammer" is much harder to guess the purpose. Remember that names should not contain Underscores, commas, etc..but hyphens are Okay.

Another thing that helps protect too is not to use standard IP's for hosts. It is very common for a router to have a .1 or .254 for the IP, Mail server or DNS server to have .2, DNS or mail server to have .3. If you fall into this category, then your just as vulverable as naming your hosts "mainserv", or "fileserv". :)

Regards,
Shannon

Re: Host Names and Security

Shannon Petry — Mon, 12 Feb 2001 18:05:58 GMT

Re: Host Names and Security

Tim Malnati — Tue, 13 Feb 2001 05:34:28 GMT

In the past I have seen shops that have used names of fish, birds, Flinstone characters, etc. These days it seems that many shops have moved more toward a naming convention that is related to the function and location of the server. I must say that it's certainly easier recognize say 'DC-DNS1' than say 'robin' when you are staring at your pager at 2am. Firewalls have reduced the need for unassociated names; anyone who does not have a firewall is begging for trouble and an odd naming convention will be of little help. The fact of the matter is that a hacker can get a good idea of what a machine is all about by seeing what ports will open.

Re: Host Names and Security

Steven Sim Kok Leong — Tue, 13 Feb 2001 07:46:17 GMT

Hi,

From my firewall logs, I can tell you that portscans are not selective on whether your hostname is indicative of the functionality of your server, for efficiency reasons. Portscans or individual probes can be broken up into two major categories:

1) dns-based portscans

If your hostname is registered in the DNS, then you are vulnerable to such attacks. Your hostname does not matter.

2) brute-force portscans

It does not matter whether or not your hostname is registered in the DNS, every single IP right from the network address to the broadcast address is scanned. Your hostname does not matter.

Internally, I do not rely on the DNS, for fear that the DNS gets compromised. I use /etc/hosts for my ring of trusted hosts to communicate with one another.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com