Re: DHCP ENCRYPTED TO DOMAIN MEMBERS

From: Oseas Millan (OseasMillan_at_discussions.microsoft.com)
Date: 10/28/04

• Next message: Miha Pihler: "Re: Newbie to SSL and CA"
• Previous message: Marcus Osborn: "re:Logon on to workstation"
• In reply to: Roger Abell: "Re: DHCP ENCRYPTED TO DOMAIN MEMBERS"
• Next in thread: Roger Abell [MVP]: "Re: DHCP ENCRYPTED TO DOMAIN MEMBERS"
• Reply: Roger Abell [MVP]: "Re: DHCP ENCRYPTED TO DOMAIN MEMBERS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 28 Oct 2004 09:31:11 -0700

Thanks Roger.
Can I Encrypt the acknowledge ip message by IPSec? or Make Secure the UDP
port 67 an 68?

Thanks for help me, have a nice day

"Roger Abell" escribió:

> Well, you cannot use IPsec directly as the machines do
> not yet have a configured IP stack.
> You may want to look into a quarantine style use of an
> initial vlan handed out to any machine by dhcp, followed
> by configuration with an IP validly routable on the corp
> network after checks.
> Alternatively, and painfully, you could control this by
> having all IPs in the DHCP scopes reserved by MAC
> (Note: this one is fallible/spoofable).
>
> --
> Roger Abell
>
> "Oseas Millan" <OseasMillan@discussions.microsoft.com> wrote in message
> news:12D16F10-554D-47E6-AAE4-D841BB7C0AC6@microsoft.com...
> > Good Day.
> >
> > We Have a big Client, and we need to implement DHCP security, the security
> > consist is the only the domain members can have an IP via DHCP, the
> visitors
> > computers cannot obtain an IP via DHCP. I don´t know how implement this
> > solution, I Was try whit IPSec without results.
> >
> > Thanks for Help me.
> >
> >
>
>
>

• Next message: Miha Pihler: "Re: Newbie to SSL and CA"
• Previous message: Marcus Osborn: "re:Logon on to workstation"
• In reply to: Roger Abell: "Re: DHCP ENCRYPTED TO DOMAIN MEMBERS"
• Next in thread: Roger Abell [MVP]: "Re: DHCP ENCRYPTED TO DOMAIN MEMBERS"
• Reply: Roger Abell [MVP]: "Re: DHCP ENCRYPTED TO DOMAIN MEMBERS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: assigning ip addresses on a secure way ... DHCP works off of broadcasts. ... has network access to a DHCP server can get an address as long as there are address ... allows you to filter mac addresses in a learn mode that can lock ports to the current ... Only W2K, XP Pro, and Windows 2003 are ipsec aware. ... (microsoft.public.security) Re: Group policy to restrict who Recieves an IP from DHCP??? ... DHCP is not a good security mechanism though you can use reservations that ... capable switches, compatible operating systems, PKI, and IAS server on the ... Ipsec may be something to look at. ... While you can use ipsec to protect domain computers, ... (microsoft.public.win2000.group_policy) Re: assigning ip addresses on a secure way ... > superscope scenario to configure the DHCP to assign 10.3.ip s just to the ... >> allows you to filter mac addresses in a learn mode that can lock ports to ... >> configurations and can allow all computers internet access while not ... >> Within a domain ipsec by default will use kerberos authentication and any ... (microsoft.public.security) Re: Firewalls and PCI ... DHCP all an attacker with zero knowledge of the network configuration ... a comment about IPSec: ... (Security-Basics) Re: Malicious Software Removal Tool Errors Reported ... IPSec Services: IPSec Services failed to get the complete list of network ... IPSec policy agent changed: parameter PolicySource: parameter parameter ... Event Source: Dhcp ... (microsoft.public.windowsxp.general)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint