RE: [fw-wiz] DHCP in a corporate MS environment - Security Risk?

From: Paul Robertson (proberts@patriot.net)
Date: 01/22/03


From: Paul Robertson <proberts@patriot.net>
To: David Lang <david.lang@digitalinsight.com>
Date: Wed Jan 22 17:39:21 2003

On Wed, 22 Jan 2003, David Lang wrote:

> Paul (and others refering to the headachs of static addresses)
>
> if you staticly assign the addresses via DHCP does your opposition still
> stand?

Actually, that's what I don't like to do. I don't mind managing static
address assignments for servers (I've never had major issues with
renumbering server networks.)

> doing this gains you the central management advantages of DHCP

It adds another machine in the "must be working" dependency chain, and
that's not something I tend to do lightly.

> since the address management is centralized it's much easier to avoid
> duplicates.

If servers are up and running, checking before assigning a new number
isn't all that difficult.

The few times I've had to do major renumbering, it's been a good thing to
go touch all the servers.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation