I recently tackled this topic on another forum, and was surpised at the
resistance to DHCP.
When implemented properly, DHCP can do more to help define and secure your
network than hurt it- this lies in using DHCP's MAC address reservations. If
you don't allow any 'traditional' scopes of random address pools, and instead
lock down reservations of every device in your network by MAC address, then
you've gone a long way to securing your network. Here's why-
1- No one can take any address they want.
2- control over client ip settings.
3- the reservations become your network's ACL list.
Most people regard DHCP in the old random address pool perpsective- that is
very insecure and should be avoided at all costs. But leaving your network to
merely static addressing leaves a few things loose that strict DHCP tightens
up-- and that's good for security.
One person mentioned that the flaw with this is that you can still have MAC
address spoofing. This is true, but, you have that no matter what method you
choose- and - you can eliminate that with 802.1x authentication.
Hope to hear your thoughts on this- Dan Farrell danno@appliedi.net
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
