I have found that several of my network devices are showing up in our vulnerability management scanner with "X.509 Certificate Subject CN does not match the entity name" as a vulnerability. This is more than likely a DNS issue, as I do not have any network devices with DNS records. I have been given conflicting opinions and would like to know how to find the best practices on this finding.

Which one would be the most accurate process that I should follow:

1. It is best practice not to place DNS records on my network devices, as it will make them unrecognizable on the public-facing side. Therefore, security by obscurity.
2. Attempt to place DNS records, as this secures all devices and allows security teams to identify and ensure that these devices are behaving as needed through the SIEM.