Firewall Wizards mailing list archives

RE: DHCP in a corporate MS environment - Security Risk?


From: David Lang <david.lang () digitalinsight com>
Date: Wed, 22 Jan 2003 16:01:38 -0800 (PST)

On Wed, 22 Jan 2003, Noonan, Wesley wrote:

Auditing, to me at least, is a non-issue here. I can correlate the data
between logs (it is, after all, what we get paid for) just as easily with
DHCP everywhere as I can with statics or reservations in place.


Wes, how do you track things over time as IP addresses change? The only
way I can think of is to run all your logs through a post-processor to
cross-reference with your DHCP logs to find what machine was at a given IP
address at the time of the log entry.

If all you are doing is comparing different logs at time X it's not a
problem, but if you want to be able to notice that a given machine is
doing the same thing every Monday morning then you need to know that IP
1.2.3.4 on Jan 1 is the same machine as 1.2.3.5 on Feb 1.

David Lang
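
The post-processing step described in the message above, as an added example that is not part of the original post: DHCP lease events are turned into per-IP time intervals, and each firewall entry is attributed to whichever machine held the address at that moment. Both log formats, the MAC addresses and the timestamps are constructed, and using the MAC address as the machine identity is an assumption.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not real logs). The lease format is hypothetical:
# "timestamp action ip mac", where action is ASSIGN or RELEASE.
DHCP_LOG = """\
2003-01-05T08:00:00 ASSIGN 1.2.3.4 00:0c:29:aa:bb:01
2003-01-20T17:30:00 RELEASE 1.2.3.4 00:0c:29:aa:bb:01
2003-01-21T09:00:00 ASSIGN 1.2.3.4 00:0c:29:cc:dd:02
2003-02-02T08:00:00 ASSIGN 1.2.3.5 00:0c:29:aa:bb:01
"""
FIREWALL_LOG = """\
2003-01-06T08:15:00 1.2.3.4 tcp/6667
2003-02-03T08:15:00 1.2.3.4 tcp/80
2003-02-03T08:16:00 1.2.3.5 tcp/6667
2003-01-01T00:00:00 1.2.3.4 tcp/6667
"""

def build_leases(dhcp_log):
    """Map ip -> time-ordered list of (start, end_or_None, mac) intervals."""
    leases = defaultdict(list)
    for line in sorted(dhcp_log.splitlines()):  # ISO timestamps sort as text
        ts, action, ip, mac = line.split()
        when = datetime.fromisoformat(ts)
        held = leases[ip]
        if held and held[-1][1] is None:        # close the open lease on this IP
            held[-1] = (held[-1][0], when, held[-1][2])
        if action == "ASSIGN":
            held.append((when, None, mac))
    return leases

def mac_at(leases, ip, when):
    """Return the MAC holding `ip` at `when`, or None if no lease covers it."""
    held = leases.get(ip, [])
    i = bisect_right([start for start, _, _ in held], when) - 1
    if i < 0:
        return None                             # entry predates any known lease
    start, end, mac = held[i]
    return mac if end is None or when < end else None

def attribute(firewall_log, leases):
    """Return (timestamp, ip, mac_or_None, detail) for every firewall entry."""
    out = []
    for line in firewall_log.splitlines():
        ts, ip, detail = line.split()
        out.append((ts, ip, mac_at(leases, ip, datetime.fromisoformat(ts)), detail))
    return out
```

In the sample data the two Monday-morning tcp/6667 entries come from different addresses but resolve to the same MAC, while the entry with no covering lease stays unattributed rather than being guessed. The result is only as good as the clock agreement between the DHCP server and the device writing the other log.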