Home page logo

basics logo Security Basics mailing list archives

Re: Down with DHCP!!!!
From: danno () appliedi net
Date: 20 Feb 2006 06:30:50 -0000

I recently tackled this topic on another forum, and was surpised at the resistance to DHCP.

When implemented properly, DHCP can do more to help define and secure your network than hurt it- this lies in using 
DHCP's MAC address reservations. If you don't allow any 'traditional' scopes of random address pools, and instead lock 
down reservations of every device in your network by MAC address, then you've gone a long way to securing your network. 
Here's why-

1- No one can take any address they want.
2- control over client ip settings.
3- the reservations become your network's ACL list.

Most people regard DHCP in the old random address pool perpsective- that is very insecure and should be avoided at all 
costs. But leaving your network to merely static addressing leaves a few things loose that strict DHCP tightens up-- 
and that's good for security.

One person mentioned that the flaw with this is that you can still have MAC address spoofing. This is true, but, you 
have that no matter what method you choose- and - you can eliminate that with 802.1x authentication.

Hope to hear your thoughts on this- Dan Farrell danno () appliedi net

The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]