RE: [fw-wiz] DHCP in a corporate MS environment - Security Risk?

From: Paul Robertson (proberts@patriot.net)
Date: 01/22/03


From: Paul Robertson <proberts@patriot.net>
To: David Lang <david.lang@digitalinsight.com>
Date: Wed Jan 22 17:39:21 2003

On Wed, 22 Jan 2003, David Lang wrote:

> Paul (and others refering to the headachs of static addresses)
>
> if you staticly assign the addresses via DHCP does your opposition still
> stand?

Actually, that's what I don't like to do. I don't mind managing static
address assignments for servers (I've never had major issues with
renumbering server networks.)

> doing this gains you the central management advantages of DHCP

It adds another machine in the "must be working" dependency chain, and
that's not something I tend to do lightly.

> since the address management is centralized it's much easier to avoid
> duplicates.

If servers are up and running, checking before assigning a new number
isn't all that difficult.

The few times I've had to do major renumbering, it's been a good thing to
go touch all the servers.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation



Relevant Pages

  • Re: Error with domain trusts - 2003 to 2003
    ... I know that Paul, but you'll need to test that against the PDC servers, not any DC. ... MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci ... You'll need to make sure that you can contact the PDC in both domains as this DC is responsible for handling the trust password. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows 2000 logon process
    ... Paul Williams ... when clients are accessing the GPO stored in SYSVOL during logon. ... PW>> Sound's like - that's a combination of DNS and Dfs client pointing ... Global Catalogue servers? ...
    (microsoft.public.win2000.active_directory)
  • Re: Tosk versus Gene
    ... Assuming Paul is his real first name, ... Soliciting an attack on a business. ... all over the net chasing folks and offending anybody he can... ... none of this had anything to do with our servers. ...
    (rec.boats)
  • Re: Tosk versus Gene
    ... although my wife did take his threat seriously enough to send it off to ... Assuming Paul is his real first name, ... all over the net chasing folks and offending anybody he can... ... none of this had anything to do with our servers. ...
    (rec.boats)
  • Re: Tosk versus Gene
    ... Assuming Paul is his real first name, ... Soliciting an attack on a business. ... all over the net chasing folks and offending anybody he can... ... none of this had anything to do with our servers. ...
    (rec.boats)