RE: [fw-wiz] DHCP in a corporate MS environment - Security Risk?

From: Paul Robertson (
Date: 01/22/03

From: Paul Robertson <>
To: David Lang <>
Date: Wed Jan 22 17:39:21 2003

On Wed, 22 Jan 2003, David Lang wrote:

> Paul (and others refering to the headachs of static addresses)
> if you staticly assign the addresses via DHCP does your opposition still
> stand?

Actually, that's what I don't like to do. I don't mind managing static
address assignments for servers (I've never had major issues with
renumbering server networks.)

> doing this gains you the central management advantages of DHCP

It adds another machine in the "must be working" dependency chain, and
that's not something I tend to do lightly.

> since the address management is centralized it's much easier to avoid
> duplicates.

If servers are up and running, checking before assigning a new number
isn't all that difficult.

The few times I've had to do major renumbering, it's been a good thing to
go touch all the servers.

Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact." Director of Risk Assessment TruSecure Corporation