1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Networks what parts of network diagrams need to be kept secret?

Discussion in 'Hardware' started by OneSeventeen, 4 Jun 2007.

  1. OneSeventeen

    OneSeventeen Oooh Shiny!

    Joined:
    3 Apr 2002
    Posts:
    3,454
    Likes Received:
    2
    I'm making some network diagrams at work and was wondering what I should change on it in order to safely post the diagrams as examples on the web?

    The app I'm using wants a few samples of work done with it, so I thought I'd send mine in. I've disabled IP addresses, so now it just shows network hardware, which ports go where, and the names of the objects (such as "DC01" for our Domain Controller)

    Any tips?

    I don't want to do anything stupid and compromise my network, but I also want to help the guy out and encourage him to keep developing.
     
  2. DarkReaper

    DarkReaper Alignment: Sarcastic Good

    Joined:
    9 Jan 2004
    Posts:
    1,751
    Likes Received:
    0
    Fire them up here and we'll let you know ;)
     
  3. OneSeventeen

    OneSeventeen Oooh Shiny!

    Joined:
    3 Apr 2002
    Posts:
    3,454
    Likes Received:
    2
    Here's the network map with no names or IP's on it... I would never post the IP's, but is there any danger in posting the names of the devices? Or should I continue to block them out?

    [​IMG]
    (and this is half-sized so it doesn't look too great anyway)
     
  4. ocha

    ocha Member

    Joined:
    29 Dec 2001
    Posts:
    452
    Likes Received:
    0
    not to digress much but what app are you using for that? does it sniff the info or are you manually putting it in?
     
  5. Hells_Bliss

    Hells_Bliss New Member

    Joined:
    6 Apr 2007
    Posts:
    548
    Likes Received:
    0
    ohhh i want that program...looks so much better than doing it in Visio.

    I think thats pretty safe, security wise. all it shows is the hardware used and its routing.
     
  6. tacticus

    tacticus New Member

    Joined:
    14 Jan 2006
    Posts:
    360
    Likes Received:
    0
    no names, no brands, no ips where they can be seen
    or
    no names that are used on the machine my boxes usually get stupid names (prirt1, etc.) these stay internal as they matter from a remote view
    but i give the machines\stuff good names on stickers for iding them (go grab oxygen,rubicon,finke and kill it please) these can be left on them
     
  7. OneSeventeen

    OneSeventeen Oooh Shiny!

    Joined:
    3 Apr 2002
    Posts:
    3,454
    Likes Received:
    2
    I'm using network notepad for the design of it all, and I hear it has some automagic tools somewhere, but this was all inputted by hand.

    The drawing features are a little lacking, but the cool part is I can right click on a server and ping it to see if it is still alive :)

    The graphic library I'm using was custom built (meaning I looked up the design specs on the various network hardware we are using, fired up inkscape and made the drawings.

    The lines are all drawn by hand, but they do connect one item with another, so if you view the properties of an object it will show all of the links between it and other objects. (which can have comments added... so between a switch and a patchbay I can view the properties and see the names of the computers each patch-bay goes to without pulling up the patchbay to PC diagram.. if that makes any sense)
     
  8. Glider

    Glider /dev/null

    Joined:
    2 Aug 2005
    Posts:
    4,173
    Likes Received:
    21
    If you have a DNS server running internally, which links hostnames to IP's, I'd scratch those too, otherwise having names around is quite cool :)

    My networks are quite obscure about IP's of my servers (also in weird ranges and stuff), and are only released on a need to know base.

    EDIT: I know, obscurity != security, but it helps ;)
     
  9. OneSeventeen

    OneSeventeen Oooh Shiny!

    Joined:
    3 Apr 2002
    Posts:
    3,454
    Likes Received:
    2
    Glider, agreed on the DNS issue, machine names == bad.

    Now, while "obscurity != security" simply telling everyone everything == insecurity, so it isn't so much a security feature to obscure IP's of servers, it is avoiding insecurity, which is a good thing.

    I think we love to say "obscurity != security", but we should finish it: "obscurity != security, but boy does it help!" :D
     
  10. Shadow_101

    Shadow_101 Mudkips.

    Joined:
    12 Feb 2004
    Posts:
    1,115
    Likes Received:
    4
    Can i ask what is the actual security risk, of detailing internal IP addresses? assuming the network is set up as shown in the digram and your using private IP ranges (RFC 1918).
     
  11. CaseyBlackburn

    CaseyBlackburn Network Techie

    Joined:
    27 Jul 2004
    Posts:
    1,846
    Likes Received:
    0
    It's really just a blueprint for a hacker to know what to focus on once he does get into your network.
     
Tags:

Share This Page