Security Basics mailing list archives

RE: DHCP

From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 22 May 2009 10:51:34 -0700

  Reservations should be supported by any decent DHCP server.
They'll let you give known AC addresses known IP addresses, 
and assign any others from a pool. 

  But that just means that an intruder, to get a "good" IP
address, just has to spoof a good MAC address.  That's not
much security; DHCP really isn't intended as a security measure.

  A better approach, designed for your purpose, would be to
implement 802.1X.  You might need fancier network equipment to 
do that than you have currently.

David Gillett

-----Original Message-----
From: Doug McFarland [mailto:djm () yantarni com gt] 
Sent: Friday, May 22, 2009 7:39 AM
To: security-basics () securityfocus com
Subject: DHCP

Hi all,

I am looking for a way to block any PC that plugs into my 
network that is not authorized to access any network 
resources-servers, firewalls, etc. Is there a way in DHCP 
that I can add reservations just for the PCs that I want to 
allow the network resources and any other pc/laptop that 
happens to be plugged into the network either doesn't get an 
IP address, gets a dummy IP address, or something else? I've 
heard Windows Server 2008 can do this, but I'm not sure about 
2003. Any suggestions would be greatly appreciated.

Best regards,

djm

--------------------------------------------------------------
----------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp 
in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course 
materials and an expert instructor means you pass the exam. 
Gain a laser like insight into what is covered on the exam, 
with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
--------------------------------------------------------------
----------


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

DHCP Doug McFarland (May 22)
- Re: DHCP John Bailey (May 22)
  - RE: DHCP Cisternas Marquez, Gonzalo (May 25)
- Re: DHCP Gustavo Campos (May 22)
- RE: DHCP Valentin Fernandez Bolland (May 22)
  - Message not available
    - Re: DHCP Eric Kollmann (May 22)
    - Re: DHCP Tim Clewlow (May 22)
- Re: DHCP Shreyas Zare (May 22)
  - Message not available
    - Re: DHCP Shreyas Zare (May 22)
- RE: DHCP David Gillett (May 22)
- Re: DHCP Nikhil Wagholikar (May 22)
- Re: DHCP Philip Holbrook (May 22)
  - Re: DHCP Tim Clewlow (May 22)
- Re: DHCP bart knippenberg (May 25)
- <Possible follow-ups>
- Re: DHCP auto431078 (May 22)
- Fw: Re: DHCP ( ( ( belly ) ) ) (May 25)