We're beginning to integrate virtual servers into our on-site data center for the first time, and the virtualization team is pushing for auto-assigning of IP addresses, a task the network/security team previously handled. Are there any security implications (pro and con) from making this change?
Have questions about network security for expert Brad Casey? Send them via email today! (All questions are anonymous)
As in almost all things security-related, the security implications of automatic IP addressing depend on a number of factors. First, what exactly is getting virtualized? Is the whole server infrastructure being virtualized? Is it only a partial effort, or will it be a staggered approach that results in a gradual virtualization? If it's only a partial effort, which servers will be virtualized?
I'm biased in favor of having the network/security team in charge of all IP addressing, whether it be DHCP or statically assigned IP addresses. Eventually, every network/security team should have a grasp (if they don't have it already) of the overall picture in terms of the network topology, network policies, the current security posture and so on, meaning they are the most knowledgeable candidates to handle IP addressing.
The only pro I can see in favor of allowing the virtualization team to handle automatic IP addressing is that they would most likely have a better handle on what virtual IPs exist within the network. Still, halfway competent network/security teams should eventually gain a good grasp on virtual IPs too. So, the network/security team maintaining IP addressing responsibilities just makes more sense.