Jeff,
I don't think it really matters...in that it won't make much difference to a hacker. We've been through the same thing in recent years and renaimed our entire domain. We used to use the following convention aabbccc### (a=company division, b=country code, c=location) and that was the same for everything - servers, network device, clients (desktop), printers and so on. We changed to the following convention last year with the exception of servers: aaab### (a=location, b=type of device (C=client, P=printer, N=net device). Servers were just named: aaa### (a=location). This new convention works well for us globally and is easy to manage. Hope it helps ! Ian [EMAIL PROTECTED] on 05/02/2002 16:41:15 To: [EMAIL PROTECTED] cc: Subject: Naming Conventions of Servers and Security I have a question about naming conventions. What is the security communities recommendation on naming servers? Is it safe to name a server by the function the server provides? We are currently looking at renaming our entire domain since there are 4 or 5 different naming conventions currently being used. So far I have been told that naming a server AABCCC## (where A = Company Division B = Type of device [ S = Server, N = Network D = Desktop] C = placement of server [DMZ or PRD or STG]) is weak security because an attacker would have useful knowledge about the server. I feel most attackers would perform some recon of the network and have that information before they went in to attack mode anyway. I realize that it could be easier for an attacker to gain information about the server, but what about the folks who have to work on the server? If a server was to go down or be attacked I would rather know immediately from the name what I could be dealing with or how critical it is to the company that the server is down. Please send me your humble opinions. Thanks Jeff Wichman
