Security Basics mailing list archives
RE: DHCP
From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 22 May 2009 10:51:34 -0700
Reservations should be supported by any decent DHCP server. They'll let you give known AC addresses known IP addresses, and assign any others from a pool. But that just means that an intruder, to get a "good" IP address, just has to spoof a good MAC address. That's not much security; DHCP really isn't intended as a security measure. A better approach, designed for your purpose, would be to implement 802.1X. You might need fancier network equipment to do that than you have currently. David Gillett
-----Original Message----- From: Doug McFarland [mailto:djm () yantarni com gt] Sent: Friday, May 22, 2009 7:39 AM To: security-basics () securityfocus com Subject: DHCP Hi all, I am looking for a way to block any PC that plugs into my network that is not authorized to access any network resources-servers, firewalls, etc. Is there a way in DHCP that I can add reservations just for the PCs that I want to allow the network resources and any other pc/laptop that happens to be plugged into the network either doesn't get an IP address, gets a dummy IP address, or something else? I've heard Windows Server 2008 can do this, but I'm not sure about 2003. Any suggestions would be greatly appreciated. Best regards, djm -------------------------------------------------------------- ---------- This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html -------------------------------------------------------------- ----------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- DHCP Doug McFarland (May 22)
- Re: DHCP Shreyas Zare (May 22)
- Message not available
- Re: DHCP Shreyas Zare (May 22)
- Message not available
- Re: DHCP Tim Clewlow (May 22)
- <Possible follow-ups>
- Re: DHCP auto431078 (May 22)
- Fw: Re: DHCP ( ( ( belly ) ) ) (May 25)