Threat Level: green Handler on Duty: Tom Webb

SANS ISC: Security on Computer Names - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Security on Computer Names
I know the old methodology of naming your computer by username should be an issue with hard disk encryption, but I was wondering even with encryption is naming a computer by the username an issue? I know most people may use a site of an office name. But does anyone see a computer name with for "John Doe" as "jdoe-pc" being an issues anymore and if so what is the issue? Anonymous

Usually it is not a big issue to name a computer after the user. It can be an issue if the computer is used outside of your LAN (e.g. a Laptop). The computer may advertise it's name on the local network, and if this is an untrusted network (e.g. hotel wifi), then others can spot whose' computer it is. Johannes

2865 Posts
ISC Handler
I would say this needlessly gives up information, sure usernames are not generally a secret, but why make the information gathering process that bit easier, by giving up the host name and username conventions as well as pairing users to devices? The same goes for naming conventions that give up clues to the services running on them...why freely offer this information up so easily. For example, if a print server is called PRN01 or licence server is called LIC03.

I suppose the the other side of the coin is that predictable and understandable naming conventions makes administration that bit easier and the information is easily discoverable anyway.
TheJulyPlot

5 Posts

Sign Up for Free or Log In to start participating in the conversation!