Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: DHCP in a corporate MS environment - Security Risk?

From: "Paul D. Robertson" <proberts () patriot net>
Date: Wed, 22 Jan 2003 09:23:19 -0500 (EST)
On Tue, 21 Jan 2003, Noonan, Wesley wrote:


Absolutely no doubt in my mind, I have and will continue to use DHCP as much
as I can, provided of course it is technically and logistically feasible. As


I don't like static DHCP for servers because it creates an unnecessary 
dependency on a system that's easy to MITM.  For clients, I don't mind at 
all.  A lot of it has to do with how the network is structured though- if 
it's a small, flat network, then that's not as much of an issue as if the 
network's routed and reliant on DHCP helpers to get an answer back before 
any attacker might (DoS on a local DHCP server is a different issue.)

I wouldn't manage client addresses manually any more though unless I was 
specifically trying to do a specific static addressing/routing/ARP table 
thing.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: