Best Practices for Securing Name Resolution
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
Microsoft System Center Configuration Manager 2007 relies on name resolution to locate Configuration Manager 2007 services. For more information about service location, see Configuration Manager and Service Location (Site Information and Management Points).
Do not rely on WINS for name resolution
WINS is not considered a secure method of name resolution because there are no mitigations to prevent attackers from modifying the WINS database, spoofing WINS traffic on the network, or reading the WINS data as it traverses the network. Extend the Active Directory schema for Configuration Manager 2007 to provide more secure lookup for Configuration Manager 2007 services and site systems, and use Active Directory-integrated Domain Name Service (DNS) to provide more secure name resolution.
Specify FQDNs for all site systems and senders
If you specify only a short name when configuring site systems and sender addresses, either NetBIOS or host name, Configuration Manager 2007 will attempt to locate the resource using the DNS search suffixes and using NetBIOS name resolution. Specifying the fully qualified domain name (FQDN) reduces the likelihood that an attacker can impersonate the destination site server by spoofing the name or using a WINS attack. For more information, see Determine If You Will Use FQDN Server Names.
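The following audit sketch is an added example, not part of the original Microsoft documentation. It classifies a list of configured site system and sender names and shows, for each short name, the DNS suffix and NetBIOS lookups it would depend on. The function name Get-NameResolutionExposure, the sample names, and the suffix search list are all constructed for illustration; the script does not query Configuration Manager.

```powershell
# Constructed sample input: names as they might be entered for site systems
# and sender addresses. None of these come from a real site.
$ConfiguredNames = @('SITESRV01', 'mp01.corp.example.com', 'dp02',
                     '192.0.2.15', 'sender-east.corp.example.com.')

# Assumed DNS suffix search list of the computer doing the lookup (constructed).
$DnsSuffixSearchList = @('corp.example.com', 'example.com')

function Get-NameResolutionExposure {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [string[]]$SuffixSearchList = @()
    )
    $trimmed = $Name.Trim().TrimEnd('.')
    $label   = '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'   # letters, digits, hyphen
    $ip      = $null

    if ([System.Net.IPAddress]::TryParse($trimmed, [ref]$ip)) {
        # IP literal: no name resolution involved, but not the FQDN the guidance asks for.
        $kind = 'IPAddress'; $paths = @()
    }
    elseif (@($trimmed.Split('.') | Where-Object { $_ -notmatch $label }).Count -gt 0) {
        # Empty label or a character outside the host name rule above.
        $kind = 'InvalidHostName'; $paths = @()
    }
    elseif ($trimmed -notmatch '\.') {
        # Short name: tried with each search suffix in DNS, and as a NetBIOS
        # name (WINS or broadcast). Every path is one more place to spoof.
        $kind  = 'ShortName'
        $paths = @($SuffixSearchList | ForEach-Object { 'DNS: {0}.{1}' -f $trimmed, $_ })
        $paths += 'NetBIOS/WINS: {0}' -f $trimmed
    }
    else {
        # Syntactic check only: a multi-label name is treated as fully qualified.
        $kind = 'FQDN'; $paths = @('DNS: {0}' -f $trimmed)
    }
    [pscustomobject]@{ Name = $Name; Kind = $kind; ResolutionPaths = $paths }
}

# Report every entry that is not an FQDN, with the lookups it depends on.
$ConfiguredNames |
    ForEach-Object { Get-NameResolutionExposure -Name $_ -SuffixSearchList $DnsSuffixSearchList } |
    Where-Object { $_.Kind -ne 'FQDN' } |
    Format-List
```

With the sample input, SITESRV01 and dp02 are reported as short names with two DNS candidates and one NetBIOS lookup each, and 192.0.2.15 is reported as an IP address; the two FQDN entries are not listed.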