Re: Security of IP addresses assgined by DHCP

From: Stuart Mackie (*REMOVE*me@stu.uk.com)
Date: 03/08/03

  • Next message: Steven L Umbach: "Re: Security of IP addresses assgined by DHCP"
    From: "Stuart Mackie" <*REMOVE*me@stu.uk.com>
    Date: Sat, 8 Mar 2003 22:49:04 -0000
    
    

    I currently have a wireless (and wired) network at home. I'm currently
    doing my MCSE and am quite security conscious and have came across a similar
    problem to yourself. If you use Wireless hardware supporting 802.1X
    authentication and have a certificate server you can configure the wireless
    part of the network to only allow access if their username and or computer
    has the appropriate certificates. I would presume (although haven't
    implemented this) that you could apply the same method to a wired network.
    In the case of 802.1X, if a system doesn't have the correct credentials they
    don't get access to the network and therefore won't even get as far as
    getting allocated their details from DHCP With this an some type of ACL
    list in your wireless access point you should be relatively secure in terms
    of access (WEP isn't good as you probably know so something extra for data
    encryption such as VPN would also be good).

    I would presume in the case of a wired network this may not be as easy but
    still possible. Along similar lines with credential authentication possibly
    with ISA server you may be able to configure your network, or at least a
    gateway system to restrict access and stop users from just plugging in.

    --
    Hth,
    Stuart Mackie,  MMVS
    www.stu.uk.com
    "Jim" <jim.garrett@lifeway.com> wrote in message
    news:03a801c2e3f4$3b5e33f0$3001280a@phx.gbl...
    > We have been wrestling with the issue of the use of DHCP
    > and the ability for any outside system once inside the
    > building and configured for DHCP being able to connect to
    > our network. We are examing policy concerning wireless
    > access, yet for any contractor/vendor allowed in the
    > building they can connect any non-corporate approved
    > device to the network and receive access via DHCP.
    >
    > Are their any DHCP configurations/software available that
    > would allow for some kind of "inspection" of the device
    > requesting an IP address from a DHCP server, and determine
    > if indeed this device is "approved" to receive an IP
    > address? I'm aware of techniques to utilize MAC addresses,
    > but this seems to potentially be an administration
    > nightmare.
    >
    > Thanks
    >
    > Jim
    

  • Next message: Steven L Umbach: "Re: Security of IP addresses assgined by DHCP"

    Relevant Pages

    • RE: Problems with Permissions
      ... For the "Network Configuration Wizard" not accessible issue, ... The DHCP not working properly issue may due to DNS not correctly ... ipconfig /all on SBS server, ...
      (microsoft.public.windows.server.sbs)
    • Re: Setting up dhcp-server on my desktop machine
      ... Your server is configured to use dhcp to acquire a network address? ... I don't know how to setup my interfaces so I achieve my goal. ... Setting up a dhcp server is completely independent of setting up the ...
      (Debian-User)
    • Re: networking private and public hosts questions
      ... some systmes in storage to create a test network. ... a WS to the child and attempted to pull an IP from the DHCP server, ...
      (microsoft.public.win2000.networking)
    • Re: Multiple IP Schemes for Different Buildings
      ... The linksys on your first network stays as it is, ... DHCP broadcast is on the local subnet only, ... router to forward internet traffic to your firewall. ... If each server has it's own DHCP server then I don't need to worry ...
      (microsoft.public.windows.server.general)
    • Re: Wireless Network Issue - SBS2K3 - Configuration and / or Topol
      ... I am quietly confident that moving the SBS to ... and the SBS is the DHCP/DNS server - but everything else in my house is ... wireless and it works fine. ... cause is incorrect network configuration and / or hardware topology. ...
      (microsoft.public.windows.server.sbs)