Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk?

From: Luca Berra (bluca@comedia.it)
Date: 01/24/03


From: Luca Berra <bluca@comedia.it>
To: firewall-wizards@honor.icsalabs.com
Date: Fri Jan 24 20:47:01 2003

On Wed, Jan 22, 2003 at 09:21:25AM +0100, Ben Nagy wrote:
>Put me down as a "me too" for Wes's post.
>
>Static IP assignment for individual clients is insane. If you want
>strong(ish) machine-based security then look at switch port MAC filters;
>they're also insane from a management point of view but at least they
>actually offer a positive security delta.

You will probably want to implement 802.1X; MAC filters are a nightmare
to manage.

(I said 802.1X, not 802.11X)

>Please ask your security consultant to send us a short note explaining the
>risks of "DHCP database compromise". I shall pin it on my wall.

me too :)

-- 
Luca Berra -- bluca@comedia.it
        Communication Media & Services S.r.l.
 /"\
 \ /     ASCII RIBBON CAMPAIGN
  X        AGAINST HTML MAIL
 / \