Is your PC's computer name a security risk?

For everything that's not in any way related to PureBasic. General chat etc...
Dude
Addict
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Is your PC's computer name a security risk?

Post by Dude »

I'm sure I read somewhere once that your PC's computer name (returned with the ComputerName() command) can be a security risk if other people know it. Is that true? I don't see how it can be, and surely more than one PC worldwide would have any given name.
User avatar
Mijikai
Addict
Addict
Posts: 1360
Joined: Sun Sep 11, 2016 2:17 pm

Re: Is your PC's computer name a security risk?

Post by Mijikai »

Dude wrote:I'm sure I read somewhere once that your PC's computer name (returned with the ComputerName() command) can be a security risk if other people know it. Is that true? I don't see how it can be, and surely more than one PC worldwide would have any given name.
If an attacker gains access to a network this kind of information may aid them.
User avatar
tj1010
Enthusiast
Enthusiast
Posts: 623
Joined: Mon Feb 25, 2013 5:51 pm
Location: US or Estonia
Contact:

Re: Is your PC's computer name a security risk?

Post by tj1010 »

Only with RPC and SMB based attacks. There should be isolation on the switch anyway unless it's enterprise. I use the subnet mask to do subnet IP scans then arp and dns tricks to get the information and pipe it to different tools. I usually have to brute-force with up to date machines. If I get the admin pass over RPC I can run anything remotely.

Most quality routers have client isolation, optional UPNP, and DPI firewall. I have a SOHO SonicWall with these then also the built in OS firewall and a lot of sandboxing. It's easier than the internet suggests it is to make it hard even for a super-power to get remote code execution.
The truth hurts.
Dude
Addict
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Is your PC's computer name a security risk?

Post by Dude »

So if my computer name is "DUDE-WIN7" and I publish that online (like I just did here), can anyone hack into my PC or do anything with that info to attack my PC? That's what I read, but technically I don't see how. Is the name linked to a specific IP address or something, that they can search for and/or reverse-engineer?
User avatar
mk-soft
Always Here
Always Here
Posts: 5335
Joined: Fri May 12, 2006 6:51 pm
Location: Germany

Re: Is your PC's computer name a security risk?

Post by mk-soft »

If only the Internet router is not totally distorted, is not a problem.

The computer names are not visible on the Internet and are required in the intranet for sharing folders and printers.

So:
- Router Ok
- Virus Protection Ok
- Firewalls ok
- OS system is up-to-date

no problem

You confuse the accesses from the Internet and Intranet
My Projects ThreadToGUI / OOP-BaseClass / EventDesigner V3
PB v3.30 / v5.75 - OS Mac Mini OSX 10.xx - VM Window Pro / Linux Ubuntu
Downloads on my Webspace / OneDrive
User avatar
tj1010
Enthusiast
Enthusiast
Posts: 623
Joined: Mon Feb 25, 2013 5:51 pm
Location: US or Estonia
Contact:

Re: Is your PC's computer name a security risk?

Post by tj1010 »

computer names only matter behind the NAT and malware can just scan the subnet there using the subnet mask. Local-firewall SMB and RPC ports. I think they are like 138,135,445, and 5357 TCP.

A router or switch with client-isolation saves you the trouble.. They aren't that rare.
The truth hurts.
User avatar
Lunasole
Addict
Addict
Posts: 1091
Joined: Mon Oct 26, 2015 2:55 am
Location: UA
Contact:

Re: Is your PC's computer name a security risk?

Post by Lunasole »

Well... in total any your info (if it is true) is a "security risk"

Comp name can tell something interesting about owner in some cases, except what said already ("technically" it is usable in LAN mainly, not much dangerous and can easily post it anywhere. My PC is named "SUPERSONIC-II" for example :D )
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
User avatar
tj1010
Enthusiast
Enthusiast
Posts: 623
Joined: Mon Feb 25, 2013 5:51 pm
Location: US or Estonia
Contact:

Re: Is your PC's computer name a security risk?

Post by tj1010 »

One day there will be super-scary headlines about MAC addresses and mass-surveillance on LAN, WWAN, WAN, PAN etc..

Most people don't know governments are pretty much handed databases by NIC manufacturers world wide..
The truth hurts.
Post Reply