📍 From the Field — Real-World Findings from Security Assessments

🔥 23.8% of environments I assessed had no naming convention for accounts and devices.

Sounds like a boring "admin hygiene" topic… but it becomes a real security problem fast.

Why is it important?

1️⃣ Operations — you immediately know what a system/account is and where it belongs.
2️⃣ Logs & incident response — when the SOC needs answers fast, "SRV07" and "Admin2" slow everything down.
3️⃣ Automation — scripts, filters, GPO targeting, reporting… naming is the foundation for all of it.

What I still see way too often:

❌ Servers named SRV01–SRV20 (no clue what runs where)
❌ Accounts like Admin, ServerAdmin, Service Admin (no owner, no purpose)

A simple approach that works:

👥 Users (make them personal + use prefixes or suffixes):
▪️ Standard: dhorak
▪️ Tier admin: t1-dhorak
▪️ Tier service: t1s-app01

🖥️ Devices (encode what you need to operate + secure them):
▪️ I like: Location + Prod/Test + App/Role + Type + Number
▪️ Example: PRGP-AD-DC01
▪️ (Prague, Production, Active Directory, Domain Controller, 01)

Yes, some regulated environments must anonymise names — fair.
But if you don't have to… don't hide behind IDs. It doesn't add real security, it mostly adds confusion.

Do you have a naming convention in place? If yes, what format do you use?
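A convention is only useful if you can check it. The script below is an added example (not from the original post) that turns the user and device schemes above into parsers and runs a small audit over constructed sample names, flagging the "SRV07" / "Admin2" style the post calls out. The field widths (3-letter location, 2-digit number) and the letter "T" for test environments are assumptions; the post only shows the production example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Device pattern inferred from the post's example PRGP-AD-DC01:
# location (3 letters) + environment (P=prod, T=test) - app/role - type + number.
# Assumed: "T" for test, 3-letter location, 2-digit number.
DEVICE_RE = re.compile(
    r"^(?P<loc>[A-Z]{3})(?P<env>[PT])-(?P<app>[A-Z0-9]+)-(?P<type>[A-Z]+)(?P<num>\d{2})$"
)

# Account pattern: optional tier prefix "t<N>" (plus "s" for service accounts), then the name.
ACCOUNT_RE = re.compile(r"^(?:t(?P<tier>\d)(?P<svc>s)?-)?(?P<name>[a-z][a-z0-9]*)$")

# The meaningless names from the post: SRVnn hosts and generic admin accounts.
LEGACY_DEVICE_RE = re.compile(r"^SRV\d+$", re.IGNORECASE)
LEGACY_ACCOUNT_RE = re.compile(r"^(?:server|service)?\s*admin\d*$", re.IGNORECASE)


@dataclass
class DeviceName:
    location: str
    environment: str      # "prod" or "test"
    app: str              # application / role, e.g. AD
    device_type: str      # e.g. DC
    number: int


@dataclass
class AccountName:
    kind: str             # "standard", "tier-admin" or "tier-service"
    tier: Optional[int]
    name: str


def parse_device(name: str) -> Optional[DeviceName]:
    """Split a conforming device name into its fields, or return None."""
    m = DEVICE_RE.match(name)
    if not m:
        return None
    env = "prod" if m["env"] == "P" else "test"
    return DeviceName(m["loc"], env, m["app"], m["type"], int(m["num"]))


def parse_account(name: str) -> Optional[AccountName]:
    """Classify an account name by its tier prefix, or return None if non-conforming."""
    m = ACCOUNT_RE.match(name)
    if not m:
        return None
    if m["tier"] is None:
        return AccountName("standard", None, m["name"])
    kind = "tier-service" if m["svc"] else "tier-admin"
    return AccountName(kind, int(m["tier"]), m["name"])


def audit(devices: List[str], accounts: List[str]) -> List[Tuple[str, str, str]]:
    """Return (object kind, name, reason) for every name that breaks the convention."""
    findings = []
    for d in devices:
        if LEGACY_DEVICE_RE.match(d) or parse_device(d) is None:
            findings.append(("device", d, "does not follow LOC+ENV-APP-TYPE+NN"))
    for a in accounts:
        if LEGACY_ACCOUNT_RE.match(a) or parse_account(a) is None:
            findings.append(("account", a, "generic or non-conforming, no owner/purpose"))
    return findings


# Constructed sample inventory (not real hosts or accounts).
SAMPLE_DEVICES = ["PRGP-AD-DC01", "PRGT-WEB-APP03", "SRV07"]
SAMPLE_ACCOUNTS = ["dhorak", "t1-dhorak", "t1s-app01", "Admin2", "Service Admin"]

if __name__ == "__main__":
    for kind, name, reason in audit(SAMPLE_DEVICES, SAMPLE_ACCOUNTS):
        print(f"{kind:8} {name:15} {reason}")
```

In practice you would feed the lists from your directory export instead of the constructed samples; the parsed fields (location, environment, tier) are what make log filters and GPO targeting straightforward.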
