Re: Security of IP addresses assgined by DHCP

From: Stuart Mackie (*REMOVE*
Date: 03/08/03

  • Next message: Steven L Umbach: "Re: Security of IP addresses assgined by DHCP"
    From: "Stuart Mackie" <*REMOVE*>
    Date: Sat, 8 Mar 2003 22:49:04 -0000

    I currently have a wireless (and wired) network at home. I'm currently
    doing my MCSE and am quite security conscious and have came across a similar
    problem to yourself. If you use Wireless hardware supporting 802.1X
    authentication and have a certificate server you can configure the wireless
    part of the network to only allow access if their username and or computer
    has the appropriate certificates. I would presume (although haven't
    implemented this) that you could apply the same method to a wired network.
    In the case of 802.1X, if a system doesn't have the correct credentials they
    don't get access to the network and therefore won't even get as far as
    getting allocated their details from DHCP With this an some type of ACL
    list in your wireless access point you should be relatively secure in terms
    of access (WEP isn't good as you probably know so something extra for data
    encryption such as VPN would also be good).

    I would presume in the case of a wired network this may not be as easy but
    still possible. Along similar lines with credential authentication possibly
    with ISA server you may be able to configure your network, or at least a
    gateway system to restrict access and stop users from just plugging in.

    Stuart Mackie,  MMVS
    "Jim" <> wrote in message
    > We have been wrestling with the issue of the use of DHCP
    > and the ability for any outside system once inside the
    > building and configured for DHCP being able to connect to
    > our network. We are examing policy concerning wireless
    > access, yet for any contractor/vendor allowed in the
    > building they can connect any non-corporate approved
    > device to the network and receive access via DHCP.
    > Are their any DHCP configurations/software available that
    > would allow for some kind of "inspection" of the device
    > requesting an IP address from a DHCP server, and determine
    > if indeed this device is "approved" to receive an IP
    > address? I'm aware of techniques to utilize MAC addresses,
    > but this seems to potentially be an administration
    > nightmare.
    > Thanks
    > Jim

  • Next message: Steven L Umbach: "Re: Security of IP addresses assgined by DHCP"