On Using Alternate Ports for SSH

There’s a post I read the other day that’s really been stuck in my craw (link is below). It was about the effects of moving SSH to an alternate port. The post starts out like this:

“Best practices state that you should run ssh on a non-standard port. Unfortunately some programs use port 22 by default and it isn’t obvious what the switch is to change this port.”

First, whose best practices say this? Some self-appointed security expert on the web? I ask because this sort of activity is known as “security through obscurity” and isn’t regarded well as a security tactic. The Wikipedia article on security through obscurity has a section called “Arguments For” which reads more like an …


Labels Should Not Be Affixed To Removable Parts

Once upon a time, in a data center not far away, a lone system administrator took the front bezels off several identical machines. Upon completing the work, this individual discovered that the labels for those machines were on the bezels themselves, making it difficult to tell which machines the bezels belonged to. Shortly thereafter, this lone system administrator configured the front display of those particular Dell servers to display the machine name, thereby solving this problem for himself and retaining the use of the bezels, because they’re pretty.

Once upon a longer time ago, in a data center slightly farther away, a lone system administrator added a network interface card to one of his hosts. In doing this he removed …


8 Hints For Using DNS More Effectively

“We can solve any problem by introducing an extra level of indirection.” – Butler Lampson

1. DNS is a hierarchy. Use it to show logical groupings.

Fully-qualified domain names (FQDNs) like pussinbootsthemovie.com are great examples of what happens when you don’t take advantage of the hierarchy in DNS. Wouldn’t pussinboots.dreamworks.com be just as easy? Or, frankly, just avoid the issue and do what Disney does: http://disney.com/cars/.

What if all your company’s desktops were in .desktop.company.com? Would that help assign permissions to them? Or your engineering group had all their stuff in .eng.company.com? Test hosts in .test.company.com? Would having all your services at your DR site in .dr.company.com help to manage, monitor, and use them? I’m not saying that any of …
