6.19 Ensure Hostname is Not Set to Device Make or Model

Information

The device make and model should not appear in the hostname.

Rationale:

The first step in any attack is reconnaissance. An attacker will attempt to learn about the target network, its hosts and network devices.

A key piece of information for an attacker is what type of device he/she is attacking. By using the routers Model number, type, manufacturer or software version as part of its hostname, we give an attacker this valuable piece of information with no effort or risk of exposure. This is particularly true where the hostname is used in DNS.

This should not be interpreted as recommending 'security through obscurity' as a valid approach - rather that, as defenders, we would rather an attacker be required to perform more active reconnaissance to gather information about the target network - so that Intrusion Prevention Systems, Firewalls, Honeypots and other Security solutions are given a greater opportunity to detect and defend against the activity.

Impact:

The hostname will appear in the CLI prompt, in SNMP information and in log messages.

Solution

To configure the hostname, issue the following command from the [edit system] hierarchy;

[edit system]
user@host#set host-name <hostname>

The hostname should not include any indication of the make or model of the device.

Default Value:

Varies by platform.

See Also

https://workbench.cisecurity.org/files/3069

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv7|11

Plugin: Juniper

Control ID: 0b853fd6f0b6df16401ae50f24d04f3d40d55127ffe7d975d79d553b908b863d