Re: Setting specific IP address?
From: andy smart (anonymus_at_discussions.microsoft.com)
Date: 05/12/05
- Next message: Moe Trin: "Re: Setting specific IP address?"
- Previous message: xsr: "Re: DMZ option on router"
- In reply to: Moe Trin: "Re: Setting specific IP address?"
- Next in thread: Moe Trin: "Re: Setting specific IP address?"
- Reply: Moe Trin: "Re: Setting specific IP address?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 12 May 2005 13:34:10 +0100
Moe Trin wrote:
> In article <d5nul3$22l$1@newsfeed.th.ifl.net>, andy smart wrote:
>
>
>>Why do you need to provide a fixed IP address for this machine? If it's
>>on a network you might as well let DHCP handle it for you
>
>
> Some organizations feel that using DHCP is a quite unnecessary security
> risk. If your network has an adequate number of IP addresses for the
> number of computers connected, then the only real advantage of DHCP is
> when you have computers being disconnected and moved here and there.
> That's another security risk not needed.
>
>
>>(if it's on a network but still needs a fixed IP then you can reserve
>>an address in DHCP so it always gets the same one).
>
>
> What is the difference in the effort to set up a static IP address on
> the DHCP (D is for Dynamic), then to set it on the host? If, like an
> ISP (cable/DSL), you have smart people administering a server, and all
> of the people "administering" the clients have the computer knowledge
> of a toadstool, and you can tolerate the security risks, then DHCP may
> be a sensible solution. On the other hand (particularly when the same
> people are administering the servers AND clients), you need to balance
> the effort to configure the server, verses the effort to configure the
> individual hosts, and factor in security issues.
Actually, and of course I speak for me and my experience, its a lot
faster to do via DHCP (with reservations if required) than to set client
IP. We have 200+ stations here which often need rebuilding, I would say
that most get a total re-installation at least once if not twice a year.
I can start it going via PXE and go off and leave it knowing that it
will get its OS installed, all the apps deployed via AD and an IP
assigned via DHCP and I need not go back to it at any stage unless
something goes wrong! I used to work somewhere where we used to do fixed
IP, so we had to have an accurate listing of which machines got which
IP, then we had to set them up one at a time; they've now gone onto DHCP
(they also now re-build every one of their machines at least once a
month which solves most of the problems we used to have in my day)
>
>
>>Is this because you have a small network of peer-to-peer machines which
>>does not have DHCP so you must IP each machine individually?
>
>
> 2131 Dynamic Host Configuration Protocol. R. Droms. March 1997.
> (Format: TXT=113738 bytes) (Obsoletes RFC1541) (Updated by RFC3396)
> (Status: DRAFT STANDARD)
>
> and you can trace that standard back to BOOTP (RFC0951 in September 1985).
> The DHCP standards have always had a 'Section 7' entitled "Security
> Considerations", the first paragraph of that section reads:
>
> 7. Security Considerations
>
> DHCP is built directly on UDP and IP which are as yet inherently
> insecure. Furthermore, DHCP is generally intended to make
> maintenance of remote and/or diskless hosts easier. While perhaps
> not impossible, configuring such hosts with passwords or keys may be
> difficult and inconvenient. Therefore, DHCP in its current form is
> quite insecure.
>
> Thanks, but DHCP has never been authorized here.
>
> Old guy
>
- Next message: Moe Trin: "Re: Setting specific IP address?"
- Previous message: xsr: "Re: DMZ option on router"
- In reply to: Moe Trin: "Re: Setting specific IP address?"
- Next in thread: Moe Trin: "Re: Setting specific IP address?"
- Reply: Moe Trin: "Re: Setting specific IP address?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
