Security Basics mailing list archives
Re: About War Driving ..
From: FatalSaint <admin () linuxniche com>
Date: Wed, 06 Dec 2006 16:34:43 -0700
I haven't been following this thread but I'm just wondering how big of a network is being supported/discussed when discussing the turning off of DHCP and managing the static IPs and static routes?
Not sure I follow. Leaving DHCP open with no filtering and just randomly assigning addresses makes auditing and tracking an admin's nightmare in incident response. Whatever size network. I run my own smaller networks with 15 or so on the LAN and less than 10 on the DMZ. I've also worked with the largest Windows Active Directories in the world (AD's that span from Hawaii to Maine in the US - and every state in between); who also use Static IP's with Port Security on every LAN Access jack. If you plug the wrong IP or MAC into a network jack, it is immediately disabled and the admin's are notified (granted there is huge admin staff with seperate divisions at each larger site with main server banks in various locations). My father was 1 of maybe 3 or 4 Systems administrators in a company with about 300 users. All of the above were static. And when there were security incidents there were logs and details and a place to start. When a user check's in, they are assigned a PC, with a MAC and an IP and it's is put inside an encrypted log file. I'm not saying I'm an expert here.. but so far in my experience I've never seen an absolute need for DHCP that outweighs the risk of allowing unauthorized PC's to get on your network. At least make an intruder work for it. On 12/6/2006, "Brian Loe" <knobdy () gmail com> wrote:
I haven't been following this thread but I'm just wondering how big of a network is being supported/discussed when discussing the turning off of DHCP and managing the static IPs and static routes? There's something to be said for simplicity and an admin with a light work load when it comes to security...IMHO. On 12/5/06, FatalSaint <admin () linuxniche com> wrote:Ansgar -59cobalt- Wiechers wrote:2) Disable DHCP if you have it running or--Pointless, because the attacker can spoof a valid IP address. Correct - tack on some time for him to find one.
--------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- list moderation (was Re: About War Driving.), (continued)
- list moderation (was Re: About War Driving.) Kelly Martin (Dec 07)
- Re: About War Driving .. Joel W Pauling (Dec 01)
- Re: About War Driving .. giles (Dec 01)
- Re: About War Driving .. FatalSaint (Dec 01)
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 04)
- Re: About War Driving .. FatalSaint (Dec 06)
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 06)
- Re: About War Driving .. FatalSaint (Dec 07)
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 07)
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 04)
- Re: About War Driving .. Brian Loe (Dec 07)
- Re: About War Driving .. FatalSaint (Dec 07)
- Re: About War Driving .. Brian Loe (Dec 07)
- Re: About War Driving .. FatalSaint (Dec 07)
- Re: About War Driving .. Kelly Martin (Dec 08)
- Re: About War Driving .. pryorda pryor (Dec 12)
- RE: About War Driving .. Alan Greig (Dec 06)
