Re: DHCP

From: Robert Moir (bofh@mvps.org)
Date: 04/15/03


From: "Robert Moir" <bofh@mvps.org>
Date: Tue, 15 Apr 2003 20:52:15 +0100


Gabe wrote:
> consider the following:
> Joe Bloe sneaks into our office building with his own
> notebook computer. He finds an empty office, plugs his
> notebook into the network port on the wall, fires it up,
> does a login to his notebook's local account and gets an
> IP address and access to WAN resources without knowing
> even as much as a username, password, or domain name.
>
>
> ok, maybe my IT security person is being a bit PARANOID.
>
> This could happen. Are there plans for
> an "authenticating" DHCP server from Microsoft?

The biggest problem as I see it is that your IT Security person doesn't
understand DHCP.

DHCP simply allocates IP info, that's all. This can be done manually as well
as via DHCP.
Simply having an IP address doesn't allow you to have access to a network
without knowing account passwords. If it did, all of us connected to the
internet would have no security from each other as we've all got an IP
address allocated to us.

If your IT security person wants to spend their paranoia in a more
productive manner how about making sure that ports in disused offices such
as the ones you describe above are not plugged in at the network cabinet, so
that anyone sneaking into an unused office won't be able to get on the
network from there even if they have the admin passwords.

If you mean "unused" in the sense that people have stepped outside
temporarily, then if this is a serious worry you need to review your
building's physical security arrangements. After all if they can walk around
and pick unused offices at their leisure they can also just pick up the
information they want when it's printed out and sitting on a desk, or they
can help themselves to a few laptops which have local copies of the
information saved so that the users can work from home, no?

-- 
Rob Moir
Microsoft MVP for Windows / Security
www.robertmoir.co.uk

