Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk?

From: Luca Berra (bluca@comedia.it)
Date: 01/24/03

Next message: Frank Darden: "RE: [fw-wiz] DHCP in a corporate MS environment - Security Risk?"
Previous message: Dawes, Rogan (ZA - Johannesburg): "RE: [fw-wiz] Blocking email through the web services"
In reply to: Ben Nagy: "Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk?"
Next in thread: Luca Berra: "Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk?"
Reply: Luca Berra: "Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Luca Berra <bluca@comedia.it>
To: firewall-wizards@honor.icsalabs.com
Date: Fri Jan 24 20:47:01 2003

On Wed, Jan 22, 2003 at 09:21:25AM +0100, Ben Nagy wrote:
>Put me down as a "me too" for Wes's post.
>
>Static IP assignment for individual clients is insane. If you want
>strong(ish) machine-based security then look at switch port MAC filters;
>they're also insane from a management point of view but at least they
>actually offer a positive security delta.

you will probably want to implement 802.1X, MAC filters are a nightmare
to manage.

(i said 802.1X not 802.11X)

>Please ask your security consultant to send us a short note explaining the
>risks of "DHCP database compromise". I shall pin it on my wall.

me too :)

-- 
Luca Berra -- bluca@comedia.it
        Communication Media & Services S.r.l.
 /"\
 \ /     ASCII RIBBON CAMPAIGN
  X        AGAINST HTML MAIL
 / \

Next message: Frank Darden: "RE: [fw-wiz] DHCP in a corporate MS environment - Security Risk?"
Previous message: Dawes, Rogan (ZA - Johannesburg): "RE: [fw-wiz] Blocking email through the web services"
In reply to: Ben Nagy: "Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk?"
Next in thread: Luca Berra: "Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk?"
Reply: Luca Berra: "Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: [Full-disclosure] [SCADASEC] 11. Re: SCADA Security - Software fees
... And how, exactly, is that an "insane" pricing scheme? ... was a business called "Crazy Eddie" and I remember the commercial, ... case with reckless so called security experts who come up with insane ... Blah blah gross personal speculation blah... ...
(Full-Disclosure)
Re: [Full-disclosure] [SCADASEC] 11. Re: SCADA Security - Software fees
... And how, exactly, is that an "insane" pricing scheme? ... was a business called "Crazy Eddie" and I remember the commercial, ... case with reckless so called security experts who come up with insane ...
(Full-Disclosure)
Re: internet banking security
... What is insane about it? ... security professionals with proper security checks are a good resource ... they will have had more checks than the permanent employees. ... As long as the client organisation verifies the reputation and performs ...
(Security-Basics)
Re: internet banking security
... IMO hiring external is possibly one of the better routes to go ... (providing the external is certified recommended, yaddi yaddi yadda). ... >> on this list that thinks that this is a completely insane idea??? ... > security professionals with proper security checks are a good resource ...
(Security-Basics)
RE: internet banking security
... The answer to the poster's original questions are best left to a consultant ... Subject: internet banking security ... What is insane about it? ...
(Security-Basics)