Firewall Wizards mailing list archives

Re: DHCP in a corporate MS environment - Security Risk?


From: Luca Berra <bluca () comedia it>
Date: Wed, 29 Jan 2003 00:23:21 +0100

On Sat, Jan 25, 2003 at 12:53:35AM +0100, Luca Berra wrote:
> On Wed, Jan 22, 2003 at 09:21:25AM +0100, Ben Nagy wrote:
>> Put me down as a "me too" for Wes's post.
>>
>> Static IP assignment for individual clients is insane. If you want
>> strong(ish) machine-based security then look at switch port MAC filters;
>> they're also insane from a management point of view but at least they
>> actually offer a positive security delta.
>
> you will probably want to implement 802.1X, MAC filters are a nightmare
> to manage.

Besides that, a MAC address can be faked, and if the scenario is someone
having access to the client workstation LAN and trying to escalate
privileges, it is not even difficult to gather the correct IP/MAC combo.

L.

--
Luca Berra -- bluca () comedia it
       Communication Media & Services S.r.l.
/"\
\ /     ASCII RIBBON CAMPAIGN
 X        AGAINST HTML MAIL
/ \
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

