Manager: Why do we use IP addresses to refer to machines and servers instead of their hostnames? And why don’t we assign proper hostnames to these servers?
IT: Oh, because it is more secure that way!
Manager: <rolled his eyes! You can read the manager’s mind: “OMG! WTF! Are you kidding me?”>
I do not claim to be a network, infrastructure, or application security expert. I have some industrial security experience. After all, I was a member of the SOX compliance special task force, implemented a secure online transaction portal, and was partially responsible for the web security for one of the larger portal companies (in 2000 – 2009).
The exchange above is a classic example of security by obscurity. To me, using IP addresses to refer to machines and servers:
- is a very ineffective way to provide security, if any
- is a very error-prone and maintenance-heavy way to build applications
- provides next to no extensibility for your network
- creates far more confusion for internal network administrators and developers than the security provided
In short, the cost far outweighs the benefit.