
Networks: What parts of network diagrams need to be kept secret?

Discussion in 'Hardware' started by OneSeventeen, 4 Jun 2007.

  1. OneSeventeen

    I'm making some network diagrams at work and was wondering what I should change on it in order to safely post the diagrams as examples on the web?

    The app I'm using wants a few samples of work done with it, so I thought I'd send mine in. I've disabled IP addresses, so now it just shows network hardware, which ports go where, and the names of the objects (such as "DC01" for our Domain Controller).

    Any tips?

    I don't want to do anything stupid and compromise my network, but I also want to help the guy out and encourage him to keep developing.
     
  2. DarkReaper

    Fire them up here and we'll let you know ;)
     
  3. OneSeventeen

    Here's the network map with no names or IPs on it... I would never post the IPs, but is there any danger in posting the names of the devices? Or should I continue to block them out?

    [IMG]
    (and this is half-sized so it doesn't look too great anyway)
     
  4. ocha

    Not to digress much, but what app are you using for that? Does it sniff the info or are you manually putting it in?
     
  5. Hells_Bliss

    Ohhh, I want that program... looks so much better than doing it in Visio.

    I think that's pretty safe, security-wise. All it shows is the hardware used and its routing.
     
  6. tacticus

    No names, no brands, no IPs where they can be seen,
    or
    no names that are used on the machine. My boxes usually get stupid names (prirt1, etc.); these stay internal as they matter from a remote view.
    But I give the machines\stuff good names on stickers for IDing them (go grab oxygen, rubicon, finke and kill it please); these can be left on them.
     
  7. OneSeventeen

    I'm using Network Notepad for the design of it all, and I hear it has some automagic tools somewhere, but this was all inputted by hand.

    The drawing features are a little lacking, but the cool part is I can right click on a server and ping it to see if it is still alive :)

    The graphic library I'm using was custom built (meaning I looked up the design specs on the various network hardware we are using, fired up Inkscape and made the drawings).

    The lines are all drawn by hand, but they do connect one item with another, so if you view the properties of an object it will show all of the links between it and other objects. (which can have comments added... so between a switch and a patchbay I can view the properties and see the names of the computers each patch-bay goes to without pulling up the patchbay to PC diagram.. if that makes any sense)
     
  8. Glider

    If you have a DNS server running internally, which links hostnames to IPs, I'd scratch those too, otherwise having names around is quite cool :)

    My networks are quite obscure about IPs of my servers (also in weird ranges and stuff), and are only released on a need-to-know basis.

    EDIT: I know, obscurity != security, but it helps ;)
     
  9. OneSeventeen

    Glider, agreed on the DNS issue, machine names == bad.

    Now, while "obscurity != security", simply telling everyone everything == insecurity, so it isn't so much a security feature to obscure IPs of servers, it is avoiding insecurity, which is a good thing.

    I think we love to say "obscurity != security", but we should finish it: "obscurity != security, but boy does it help!" :D
     
  10. Shadow_101

    Can I ask what is the actual security risk of detailing internal IP addresses? Assuming the network is set up as shown in the diagram and you're using private IP ranges (RFC 1918).
     
  11. CaseyBlackburn

    It's really just a blueprint for a hacker to know what to focus on once he does get into your network.
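
Added example, not part of the thread and not a Network Notepad feature: one way to apply the advice above (no IPs, no internal names, no brands) to a diagram's text labels before publishing, with a final check for anything the replacement missed. The function names, sample labels and term lists are hypothetical, and the code works on plain label strings, not on any particular diagram file format.

```python
import ipaddress
import re

IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

def sanitize_labels(labels, terms):
    """Swap IPv4 addresses and listed terms ({prefix: [strings]}) for stable aliases."""
    mapping, counters = {}, {}

    def alias(kind, value):
        # Same value always gets the same alias, so links in the diagram stay consistent.
        key = (kind, value.lower())
        if key not in mapping:
            counters[kind] = counters.get(kind, 0) + 1
            mapping[key] = f"{kind}-{counters[kind]:02d}"
        return mapping[key]

    def swap_ip(m):
        try:
            ipaddress.IPv4Address(m.group(0))
        except ValueError:
            return m.group(0)  # not a valid address (e.g. octet > 255), leave it
        return alias("IP", m.group(0))

    clean = [IPV4_RE.sub(swap_ip, label) for label in labels]
    for kind, words in terms.items():
        # Longest first so "DC01-BAK" wins over "DC01" when both are listed.
        alternation = "|".join(re.escape(w) for w in sorted(words, key=len, reverse=True))
        if not alternation:
            continue
        pattern = re.compile(rf"(?<!\w)(?:{alternation})(?!\w)", re.IGNORECASE)
        clean = [pattern.sub(lambda m, k=kind: alias(k, m.group(0)), c) for c in clean]
    return clean, mapping

def leftovers(clean_labels, terms):
    """Final check: labels that still contain a dotted quad or a listed term anywhere."""
    needles = [w.lower() for words in terms.values() for w in words]
    return [c for c in clean_labels
            if IPV4_RE.search(c) or any(n in c.lower() for n in needles)]

# Constructed sample labels (not taken from the thread's diagram).
LABELS = ["DC01 10.0.5.10", "Cisco switch -> dc01", "FILE01 uplink 10.0.5.10",
          "backup_DC01_nightly"]
TERMS = {"HOST": ["DC01", "FILE01"], "VENDOR": ["Cisco"]}

if __name__ == "__main__":
    clean, _ = sanitize_labels(LABELS, TERMS)
    print(clean, "still leaking:", leftovers(clean, TERMS))
```

The last sample label keeps its hostname because the name is embedded in a longer token; `leftovers` catches it with a plain substring search, which is why the check runs separately from the replacement.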
     