Suppose an individual were able to introduce a malicious DHCP server into your environment. That server could then...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
wreak all sorts of havoc on your network. In the best case, it could simply offer every client an identical IP address, resulting in a network outage when all hosts believe they were leased the same address. In the worst case, the rogue server could set the default gateway to be the IP address of an attacker's proxy server. In such a scenario, an attacker could intercept all traffic leaving the host.
For this reason, it's important to ensure that you don't have rogue DHCP servers on your network. Microsoft's DHCP Server Location Utility is a great tool that allows you to search your network for active DHCP servers. You can also provide it with a list of authorized DHCP servers and configure it to alert you immediately if a rogue server is detected. Due to the risks described above, you should take action to immediately disconnect any rogue servers on your network.
Dig Deeper on Monitoring Network Traffic and Network Forensics
Related Q&A from Mike Chapple
Cloud compliance issues are no reason for enterprises not to move to the cloud. Expert Mike Chapple explains why, as well as what to keep in mind ...continue reading
The GAO reported on SEC cybersecurity weaknesses, even though the SEC regulates cybersecurity. Expert Mike Chapple discusses the effects of this ...continue reading
Enterprise compliance can be a burden to manage, which is where a PCI ISA can be helpful. Expert Mike Chapple explains how a PCI Internal Security ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.