
Host Names and Security

 
Leo Sopicki_1
New Member

Host Names and Security

Within my IT department, we are currently debating whether host names have any
impact on security. Position 1 says, "Host names should neither indicate that
the host is a server (as in 'srv_main') nor its function (as in 'EXCHANGE')."
Position 2 says, "We have a firewall and good passwords, the server names are
irrelevant."

How do other sites handle this?
6 REPLIES
Jay Song_3
Occasional Contributor

Re: Host Names and Security

A hacker can easily identify that a host named "SRV-HPOV" is running OpenView and that it
contains the RW community string for all your critical routers. This server will
become the target of attack. But if you name your OpenView server something
like "hammer", it's gonna be harder to guess the purpose of this machine. You
got it?
John_Hancock
Trusted Contributor

Re: Host Names and Security

In Scientific American last year there was a hypothetical case study of a hacker attack on a supposedly "secure" business. This case study was based on the author's experience of a number of hack attacks. It is worth reading.

The conclusion is - never assume that you have a secure network. Always assume that there is someone who is dedicated to hacking your network.

I would choose non-descriptive names.
John
Shannon Petry
Honored Contributor

Re: Host Names and Security

If your network is completely closed, then names are irrelevant. In today's inter/intranet, hostnames, IPs, and more information than you can imagine float out of boxes via web pages and simple network traffic.
Especially in a MS box! You should see all the nice broadcast information NT sends out one day! "Sniff your own network for a week!"

Anyway, I agree that a host called "hammer" is much harder to guess the purpose of. Remember that names should not contain underscores, commas, etc., but hyphens are okay.

Another thing that helps protect too is not to use standard IPs for hosts. It is very common for a router to have a .1 or .254 for the IP, Mail server or DNS server to have .2, DNS or mail server to have .3. If you fall into this category, then you're just as vulnerable as naming your hosts "mainserv" or "fileserv". :)

Regards,
Shannon
Microsoft. When do you want a virus today?
Tim Malnati
Honored Contributor

Re: Host Names and Security

In the past I have seen shops that have used names of fish, birds, Flintstone characters, etc. These days it seems that many shops have moved more toward a naming convention that is related to the function and location of the server. I must say that it's certainly easier to recognize, say, 'DC-DNS1' than 'robin' when you are staring at your pager at 2am. Firewalls have reduced the need for unassociated names; anyone who does not have a firewall is begging for trouble and an odd naming convention will be of little help. The fact of the matter is that a hacker can get a good idea of what a machine is all about by seeing what ports will open.
Steven Sim Kok Leong
Honored Contributor

Re: Host Names and Security

Hi,

From my firewall logs, I can tell you that portscans are not selective on whether your hostname is indicative of the functionality of your server, for efficiency reasons. Portscans or individual probes can be broken up into two major categories:

1) dns-based portscans

If your hostname is registered in the DNS, then you are vulnerable to such attacks. Your hostname does not matter.

2) brute-force portscans

It does not matter whether or not your hostname is registered in the DNS, every single IP right from the network address to the broadcast address is scanned. Your hostname does not matter.

Internally, I do not rely on the DNS, for fear that the DNS gets compromised. I use /etc/hosts for my ring of trusted hosts to communicate with one another.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
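
Added example, not part of any post in this thread: a small audit of an /etc/hosts-style inventory for the three things the replies above discuss, namely characters that are not valid in host names (underscores, commas), names that give away a machine's role, and the conventional .1/.2/.3/.254 addresses. The function names, the `ROLE_TOKENS` list (built from names quoted in the thread) and the sample inventory are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 952/1123 label: letters, digits and hyphens; no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Assumed token list, built from names quoted in the thread; extend for your site.
ROLE_TOKENS = ("srv", "serv", "exchange", "dns", "mail", "file", "hpov")
# Last octets the thread calls conventional for routers, DNS and mail servers.
CONVENTIONAL_OCTETS = {1, 2, 3, 254}

def parse_hosts(text):
    """Yield (ip, name) pairs from /etc/hosts-style text, skipping comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line
        for name in fields[1:]:  # canonical name plus any aliases
            yield ip, name

def audit(text):
    """Return {name: [findings]} for every name with at least one finding."""
    report = {}
    for ip, name in parse_hosts(text):
        findings = []
        labels = name.split(".")
        if not all(LABEL_RE.match(label) for label in labels):
            findings.append("invalid-characters")
        hits = [t for t in ROLE_TOKENS if t in labels[0].lower()]
        if hits:
            findings.append("reveals-role:" + ",".join(hits))
        if ip.version == 4 and ip.packed[-1] in CONVENTIONAL_OCTETS:
            findings.append("conventional-address")
        if findings:
            report[name] = findings
    return report

# Constructed sample inventory (documentation address range, made-up hosts).
SAMPLE = """\
# constructed example
192.0.2.1    gw-router
192.0.2.2    DC-DNS1
192.0.2.57   hammer
192.0.2.80   srv_main
192.0.2.91   SRV-HPOV
"""
```

Calling `audit(SAMPLE)` reports every sample host except `hammer`; a substring token list will also flag innocent names that happen to contain a token, so treat the output as a review list.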