I want to ask you, why is it important for an administrator to provide logical system/host-names to entities within their network?
It is easy
The first thing that pops-up in my mind, that it must be easy, if you want to access your splunk environment, you just enter splunk.[mysite].tld and badabiem, like magic, the DNS brings you to your splunk environment.
We know what it is
The second thing that pops-up is that it must be of great assistance that once you do a scan on your network, or utilize your logging tools, that you see what type of systems and hosts you have within your network. In most companies, they have identified systems by the user which is using the system. Something like JohnDoe-Laptop-office would be a logical hostname for the office laptop for John Doe right? Just imagine that someone is targeting John Doe, how hard would it be for the attacker to find John Doe his system?
Well, there are major risks by using logical hostnames and system names within your network. First of all, anything which you connect to the internet is most likely to get indexed. Remember, anything on that system/host which utilizes the web, can help the person on the other side to get a view of what type of system you are using.
Another thing we need to remember, is that we need to act like we already have been breached by cybercriminals, this means, that once a cybercriminal is inside your network or system, it can perform a scan, and by the logics you have used, the cybercriminal will get a quick view on which systems or hosts should be targeted.
There are methods which I will not discuss here, which do not use active scanning while they do provide network information from your environment to the public.
If you know who I am, find me on LinkedIn, and I am always open for a chat 🙂
So again, is it really necessary to use logical names within your company for the systems and hosts that you have?
Just take a look at this VPN list 😉#hostnames #system