Firewall Wizards mailing list archives
RE: DHCP in a corporate MS environment - Security Risk?
From: David Lang <david.lang () digitalinsight com>
Date: Wed, 22 Jan 2003 13:56:16 -0800 (PST)
Paul (and others referring to the headaches of static addresses) if you statically assign the addresses via DHCP does your opposition still stand?

doing this gains you the central management advantages of DHCP

since the leases are fixed you only have to backup the config, not the leases (hopefully something that changes less frequently)

backup servers become trivial because the primary and backup will be issuing the same IP, no need for any complicated syncing between them

since the address management is centralized it's much easier to avoid duplicates.

it gives you the ability to do analysis over time of firewall/IDS logs without having to lookup each entry to see which machine had that IP at that time.

no it's not foolproof (as per notes about manually setting IP addresses) but it seems like it provides advantages over dynamic addresses at the cost of additional work when a new machine is introduced on the network.

David Lang

On Wed, 22 Jan 2003, Paul D. Robertson wrote:
Date: Wed, 22 Jan 2003 09:23:19 -0500 (EST)
From: Paul D. Robertson <proberts () patriot net>
To: "Noonan, Wesley" <Wesley_Noonan () bmc com>
Cc: 'Eye Am' <eyeam () optonline net>, firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] DHCP in a corporate MS environment - Security Risk?

On Tue, 21 Jan 2003, Noonan, Wesley wrote:

Absolutely no doubt in my mind, I have and will continue to use DHCP as much as I can, provided of course it is technically and logistically feasible. As

I don't like static DHCP for servers because it creates an unnecessary dependency on a system that's easy to MITM. For clients, I don't mind at all. A lot of it has to do with how the network is structured though- if it's a small, flat network, then that's not as much of an issue as if the network's routed and reliant on DHCP helpers to get an answer back before any attacker might (DoS on a local DHCP server is a different issue.)

I wouldn't manage client addresses manually any more though unless I was specifically trying to do a specific static addressing/routing/ARP table thing.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts () patriot net which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
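An added example, not part of either message above: a small checker for the fixed-lease setup discussed in this thread, which flags duplicate addresses, confirms a primary and backup server would issue the same IP to each MAC, and resolves a logged IP to a host without lease history. It assumes ISC dhcpd-style host declarations; the configs, host names, MACs and addresses are constructed samples.

```python
import re
from collections import Counter

# Constructed sample configs (ISC dhcpd-style host declarations; assumed format).
PRIMARY = """
host web1 { hardware ethernet 00:16:3e:00:00:01; fixed-address 10.1.1.10; }
host db1  { hardware ethernet 00:16:3e:00:00:02; fixed-address 10.1.1.11; }
host ws42 { hardware ethernet 00:16:3e:00:00:03; fixed-address 10.1.1.11; }
"""
BACKUP = """
host web1 { hardware ethernet 00:16:3e:00:00:01; fixed-address 10.1.1.10; }
host db1  { hardware ethernet 00:16:3e:00:00:02; fixed-address 10.1.1.12; }
"""

HOST_RE = re.compile(
    r"host\s+(\S+)\s*\{\s*hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;"
    r"\s*fixed-address\s+(\d{1,3}(?:\.\d{1,3}){3})\s*;\s*\}")

def parse_reservations(text):
    """Return [(host, mac, ip)] for every host block, MAC lower-cased."""
    return [(h, m.lower(), ip) for h, m, ip in HOST_RE.findall(text)]

def duplicates(reservations):
    """IPs and MACs that appear in more than one reservation."""
    ips = Counter(ip for _, _, ip in reservations)
    macs = Counter(mac for _, mac, _ in reservations)
    return (sorted(i for i, n in ips.items() if n > 1),
            sorted(m for m, n in macs.items() if n > 1))

def server_mismatches(primary, backup):
    """MACs for which the two servers would not hand out the same IP."""
    p = {mac: ip for _, mac, ip in primary}
    b = {mac: ip for _, mac, ip in backup}
    return {mac: (p.get(mac), b.get(mac))
            for mac in sorted(p.keys() | b.keys()) if p.get(mac) != b.get(mac)}

def host_for_ip(reservations, ip):
    """Resolve a logged source IP to its reserved hosts, no lease history needed."""
    return [h for h, _, addr in reservations if addr == ip]

if __name__ == "__main__":
    pri, bak = parse_reservations(PRIMARY), parse_reservations(BACKUP)
    print("duplicate IPs/MACs on primary:", duplicates(pri))
    print("primary/backup mismatches:", server_mismatches(pri, bak))
    print("10.1.1.10 in a firewall log is:", host_for_ip(pri, "10.1.1.10"))
```

Running the same check before each config push catches the duplicate and the primary/backup drift seeded in the sample data.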