?
Solved

Securing a Domain Controller and naming

Posted on 2006-03-23
5
Medium Priority
?
140 Views
Last Modified: 2013-12-04
Im am about to rebuild two window 2003 domain controllers and have a question about securing/naming them.  Are there best practices as far as security goes for naming a server?  I know a lot of people use themes to name their servers.  We have our own standard, but by looking at the name of the servers you could probably pick out the dc's.  But, even if you cant figure out which computer is the dc by looking at the name, if an attacker can get into the AD schema, they will certainly be able to find out the dc names, not that it would probably matter at that point.  Any recommendation on server naming and securing the dc's?  Also, is there a way to hide a computer from network neighbor hood?
0
Comment
Question by:ohmErnie
3 Comments
 
LVL 23

Accepted Solution

by:
TheCleaner earned 252 total points
ID: 16270779
I name all my servers like this:

state code - city code - role - ascending number

So for a domain controller in Detroit, Michigan it would be called:

MIDETDC01

Works well when you have hundreds... :)

As far as securing them down....I recommend installing Sp1 on them, getting them fully configured, then running the SCW (security configuration wizard) on them.

More info:

http://www.windowsecurity.com/articles/Securing_Server_2003_Domain_Controllers.html

http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx

0
 
LVL 16

Assisted Solution

by:JammyPak
JammyPak earned 248 total points
ID: 16270968
I think that the name you give a server is pretty far down the list in terms of how to secure it...but, I would certainly recommend not making your names too obvious - particularly for anything you're putting in a public DNS (don't use VPN, RAS, etc in the host name!)

To hide a server from network neighbourhood:

NET CONFIG SERVER /HIDDEN:YES
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 16403035
there is no definite way to secure the DC, but yes there are several ways of securing the domain or the enterprise.

run MBSA and keep all the security updates up to date.
you can use certificates and PKI as well and also use IPsec.
these are just a few ways there could be several more.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses
Course of the Month15 days, 14 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question