--On Wednesday, March 27, 2013 3:00 AM +0000 "Edward Ned Harvey (blu)" <blu at nedharvey.com> wrote:

> Use weird names, like "securesrv7.company.com" instead of
> "vpn.company.com" and
> Eliminate reverse pointers

Which breaks all kinds of things. Like mail. Never mind that users absolutely HATE names like that.

It's also counterproductive.

Me the attacker does a reverse lookup of all the IP addresses in your domain. This takes at most 255 hits on your name servers.

Me the attacker does an exhaustive search of all host names with one to twenty characters. This takes up... I'm not going to do the math but it's a lot more than 255 hits on your name servers.

Yes, it does make it a little more tedious for a script kiddie to map all of your public-facing servers, but it does so at the expense of a MASSIVE increase in traffic and load on your name servers.

I say let them have the names. They're going to find them anyway. Why make it hard on my own servers and network? I rely on perimeter IDPS and strong authentication to take care of keeping the unwanted out. Those work. Security by obscurity is no security at all.

--
Rich P.