Firewall Wizards mailing list archives

Re: Using DHCP (was RE: IP Spoofing)


From: Bill_Royds () pch gc ca
Date: Thu, 7 Oct 1999 12:44:33 -0400

Scenario.
I have a firewall rule set that allows use of a particular service for a limited
range of IP addresses (192.16.24.16/28, say). I set up my DHCP server to give
out this range only to users that validate themselves (basically this range is
for a logical subnet within a physical segment). So rather than changing
firewall rules each time a member of that secure user set changes, the DHCP
server validates users by things like NT group or challenge response etc. This
localizes the security control to the actual owners of secure service.




"Dave Gillett" <dgillett () deepforest org> on 06/10/99 12:44:13 PM

Please respond to "Dave Gillett" <dgillett () deepforest org>

To:   firewall-wizards () lists nfr net
cc:    (bcc: Bill Royds/HullOttawa/PCH/CA)
Subject:  Re: Using DHCP (was RE: IP Spoofing)



On 3 Oct 99, at 11:01, Bill_Royds () pch gc ca wrote:

.... Having an authorizing DHCP server that can give the firewall
lists of IP's that have validated themselves for a service means
that the list is only as old as the DHCP lease.

  DHCP hands out addresses, but where does it do validation for
*services*?  This is news to me!

David G
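The scenario in this message, sketched as an added example that is not part of the original thread: it derives the firewall's allow list from DHCP leases inside the 192.16.24.16/28 range and reports sources seen in that range with no valid authenticated lease behind them. The lease record fields, function names and all sample data are constructed assumptions, not any DHCP server's real export format.

```python
import ipaddress
from datetime import datetime, timedelta

# Range from the post; everything else below is constructed for illustration.
SECURE_RANGE = ipaddress.ip_network("192.16.24.16/28")

def allowed_sources(leases, now):
    """IPs in the secure range backed by an authenticated, unexpired lease."""
    ok = set()
    for lease in leases:
        ip = ipaddress.ip_address(lease["ip"])
        if ip in SECURE_RANGE and lease["authenticated"] and lease["expires"] > now:
            ok.add(ip)
    return [str(ip) for ip in sorted(ok)]

def unleased_sources(observed, leases, now):
    """Sources the firewall saw inside the secure range that no valid lease
    accounts for: an expired lease still in use, or an address that was
    configured by hand rather than handed out by the DHCP server."""
    ok = set(allowed_sources(leases, now))
    seen = {ipaddress.ip_address(s) for s in observed}
    return [str(ip) for ip in sorted(seen)
            if ip in SECURE_RANGE and str(ip) not in ok]

# Constructed sample data (hypothetical lease export and firewall log sources).
NOW = datetime(1999, 10, 7, 12, 0)
LEASES = [
    {"ip": "192.16.24.17", "authenticated": True,  "expires": NOW + timedelta(hours=4)},
    {"ip": "192.16.24.18", "authenticated": True,  "expires": NOW - timedelta(hours=1)},
    {"ip": "192.16.24.19", "authenticated": False, "expires": NOW + timedelta(hours=4)},
    {"ip": "192.16.24.40", "authenticated": True,  "expires": NOW + timedelta(hours=4)},
]
OBSERVED = ["192.16.24.17", "192.16.24.18", "192.16.24.20", "192.16.24.40"]

if __name__ == "__main__":
    print("allow list:", allowed_sources(LEASES, NOW))
    print("no valid lease:", unleased_sources(OBSERVED, LEASES, NOW))
```

The second list is the check the range-based rule depends on: the firewall matches only on source address, so any host in the /28 that did not get its address through the validating DHCP server passes the rule unless something compares traffic against the lease table.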

