DHCP security
Styma, Robert E (Robert)
stymar at alcatel-lucent.com
Tue Oct 9 20:44:23 UTC 2007
>
> While I realize DHCPd isn't a security program of any kind, this
> does have to do with it. So I just switched our entire
> network over to
> DHCP assigned IPs in preparation for another project. But in doing
> that, I've come to realize that anyone could plug in their machine and
> manually set their IP address and by-pass the DHCP discovery all
> together. And thus also gaining access to our internal network,
> something we might not necassarily want to allow. So the
> question now
Even before you enabled DHCP, if someone could plug into your network,
they could manually set an IP address. The first issue of course is
the physical security of your internal network. I assume you do not
have RJ45 connections out in the parking lot :-). You might want to
look at who would have access to a port on your internal network. If
you do not like the answer to that question, you have to look at the
physical security to your servers or client machines. If someone can
lay hands on your machines, there is no security. You then have to
start looking at protection of the data itself. That becomes a much
more involved issue. Protecting SMB shares is different than protecting
NFS mount points. Do you have NIS or LDAP? Netgroups?
Sorry I don't have a direct answer, but these are issues you may
want to ponder.
Bob Styma
More information about the users
mailing list