Thanks, the favourite replies follow:

==================

b) A properly configured firewall is the key defense against the outside world. If a hacker has breached your network, a funny-sounding name is not going to slow him down. He's going to do a port scan and figure out if this is an ORACLE server or a file server. Outsourced IT vendors & internal users are hard to guard against. If you are really paranoid about keeping them from knowing details about the box, you could put the box in a DMZ and only expose the services they absolutely require. But again, there's a good chance that one or more of the services they are exposed to will give away your OS anyway.

c) Hardening should be your first priority. I would put all of your effort into that.

===================

a) If your infrastructure is already running, I seriously discourage renaming the boxes. Some software licences key off the hostname. Many not very smart programmers also hardcode the hostnames in their code. Some applications use the hostname for licensing too. Changing hostnames can lead to pretty bad application outages.

===================

d) If you're really allowing telnet (not ssh) access, you likely have larger security issues.

d) Secure your login banner page with a warning & don't use things like "Welcome to company ABC" in it.

===================

a) Don't have any other "authoritative" sources to back that up, but do they have any that claim it is high risk?

a) If I have a domain name, I can look up who registered "example.com." If I have an IP, you're right, I can go to ARIN, RIPE, APNIC, etc. and find out to whom the space is registered.

b) There is no accepted secure naming convention that works for everyone. The most "secure" naming convention would be random strings. But that's not good for humans. If you make the names too hard, why bother? It's just as easy to remember by IP address.

b) If you don't want people to know your organization name, should you have a website to begin with?

Also, if your IP address is available via DNS, someone could use (say) nmap to give them MUCH more information about your system than they could get from a hostname.

============================================

To make it easier for the outside world to deal with, I use CNAMEs to assign every host a second name indicating its function, e.g.

    Hostname
    banana      dns1.example.com
    apple       dns2.example.com
    ...         ...
    wyoming     mx1.example.com
    oregon      mx2.example.com

Note how this makes changes seamless: if I bring online a new DNS server named "coconut" to replace "apple", then as long as the CNAME points to the new host, the change is invisible.

NOTE CAREFULLY that MX records must not point to CNAMEs, by the way.

> c)What's the system/network impact?

This is why you use CNAMEs. It removes the need to change most of this stuff, because you can just make the changes (a) on the host and (b) in DNS, then everything else just works.

====================

- Yes, CA Unicenter monitoring agent needs to be reinstalled
- Yes, HP DataProtector needs to be reinstalled
- Will any OS patches (for Solaris, HPUX, Linux) need to be reinstalled?
  No, but some software licences depend on hostname

====================

For naming convention, it's recommended that the length not exceed 8 characters, though it can go longer, as some existing applications/tools may not be able to support hostnames with more than 8 characters:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x2db614a24fd1d4118fef0090279cd0f9,00.html
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xc2b7d5fab40ed6118ff40090279cd0f9,00.html

Using fruit/object names easily exceeds the 8 character limit.

====================

One organization that has different geographical locations came up with this:

    sfwdp01a (use lower case)

where
- "s" represents country (MNC uses this to identify where the server is located geographically)
- "fw" is the function (fw for firewall, dn for dns, sw for switch, ws for webserver, db for database server)
- "dp" is a code for the department that uses it (pb if public)
- 01/02 (just a numbering system in incrementing order)
- a or b (if it's a cluster member, a for 1st member, b for 2nd ...)

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Thu May 29 00:01:51 2008
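
An added example, not part of the original post or of any reply: a small Python lint for the functional-alias scheme described above, flagging MX records whose target is a CNAME and aliases left pointing at a host that no longer has an address record. The zone text is constructed sample data that reuses the thread's example names, and it assumes every name is relative to a single zone.

```python
# Added example (not from the original post). ZONE is constructed; names are relative to one zone.
ZONE = """
banana   IN A     192.0.2.10
coconut  IN A     192.0.2.11
wyoming  IN A     192.0.2.20
oregon   IN A     192.0.2.21
dns1     IN CNAME banana
dns2     IN CNAME apple   ; apple was retired, alias never repointed
mx1      IN CNAME wyoming
@        IN MX    10 mx1
@        IN MX    20 oregon
"""

def parse_zone(text):
    """Parse simplified 'owner IN type rdata' lines into tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if line:
            owner, _cls, rtype, rdata = line.split(None, 3)
            records.append((owner.lower(), rtype.upper(), rdata.lower()))
    return records

def resolve_alias(name, records):
    """Follow CNAMEs from name; return (final_name, chain), raise on a loop."""
    cnames = {o: d for o, t, d in records if t == "CNAME"}
    chain = [name]
    while name in cnames:
        name = cnames[name]
        if name in chain:
            raise ValueError("CNAME loop at " + name)
        chain.append(name)
    return name, chain

def lint_zone(records):
    """Return findings for MX-to-CNAME targets and dangling aliases."""
    cnames = {o for o, t, _ in records if t == "CNAME"}
    addrs = {o for o, t, _ in records if t in ("A", "AAAA")}
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "MX" and rdata.split()[1] in cnames:
            findings.append(f"MX {owner} -> {rdata.split()[1]}: target is a CNAME")
        elif rtype == "CNAME":
            final, _ = resolve_alias(owner, records)
            if final not in addrs:
                findings.append(f"CNAME {owner} -> {final}: no address record")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_zone(parse_zone(ZONE))))
```

Pointing the MX at the real hostname (wyoming) and repointing dns2 at coconut clears both findings.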