Security Basics mailing list archives
Re: About War Driving ..
From: "Brian Loe" <knobdy () gmail com>
Date: Thu, 7 Dec 2006 13:03:39 -0600
On 12/6/06, FatalSaint <admin () linuxniche com> wrote:
>I haven't been following this thread but I'm just wondering how big of >a network is being supported/discussed when discussing the turning off >of DHCP and managing the static IPs and static routes? Not sure I follow. Leaving DHCP open with no filtering and just randomly assigning addresses makes auditing and tracking an admin's nightmare in incident response. Whatever size network.
Not really. With our logging and monitoring systems I can tell you who and where every machine on the network is - and we use DHCP, thankfully.
I've also worked with the largest Windows Active Directories in the world (AD's that span from Hawaii to Maine in the US - and every state in between); who also use Static IP's with Port Security on every LAN Access jack. If you plug the wrong IP or MAC into a network jack, it is immediately disabled and the admin's are notified (granted there is huge admin staff with seperate divisions at each larger site with main server banks in various locations).
I'd like to know what company this is - having worked at two of the largest phone companies in the country, who do not do this, as well as lots of other large companies with employees in the thousands and an international presence I know that I would not be interested in tracking statically assigned IP addresses. You're looking at moving hundreds of PCs a day, every day, and any advantage you would obtain from doing so can be better obtained with better monitoring tools.
My father was 1 of maybe 3 or 4 Systems administrators in a company with about 300 users.
I hope they have a lot of servers to support. I realize that "system administrator" is thrown around pretty loosely these days but I've worked as the only sys admin in a company of 400. That position at that company is still a one man IT shop, 5 years after I left.
All of the above were static. And when there were security incidents there were logs and details and a place to start. When a user check's in, they are assigned a PC, with a MAC and an IP and it's is put inside an encrypted log file.
I'm not sure why you would need to encrypt a log file - or why a log file would contain your MAC/IP mappings. I do know that the company I'm at now has the same level of logging and knowledge of their network and the PCs on it, without having a manage a couple thousand IP/MAC addresses. And just because you can plug a machine in and get an IP doesn't mean you'll be able to do anything on the network or that you won't be found and shut down.
I'm not saying I'm an expert here.. but so far in my experience I've never seen an absolute need for DHCP that outweighs the risk of allowing unauthorized PC's to get on your network. At least make an intruder work for it.
Again, I've never seen the need to NOT run DHCP that outweighed the administrative overhead of doing it manually. --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- Re: About War Driving .., (continued)
- Re: About War Driving .. Joel W Pauling (Dec 01)
- Re: About War Driving .. giles (Dec 01)
- Re: About War Driving .. FatalSaint (Dec 01)
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 04)
- Re: About War Driving .. FatalSaint (Dec 06)
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 06)
- Re: About War Driving .. FatalSaint (Dec 07)
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 07)
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 04)
- Re: About War Driving .. Brian Loe (Dec 07)
- Re: About War Driving .. FatalSaint (Dec 07)
- Re: About War Driving .. Brian Loe (Dec 07)
- Re: About War Driving .. FatalSaint (Dec 07)
- Re: About War Driving .. Kelly Martin (Dec 08)
- Re: About War Driving .. pryorda pryor (Dec 12)
- RE: About War Driving .. Alan Greig (Dec 06)