Does automatic IP addressing carry any security implications?

We're beginning to integrate virtual servers into our on-site data center for the first time, and the virtualization team is pushing for auto-assigning of IP addresses, a task the network/security team previously handled. Are there any security implications (pro and con) from making this change?

    Requires Free Membership to View


Ask the Expert!

Have questions about network security for expert Brad Casey? Send them via email today! (All questions are anonymous)

As in almost all things security related, the security implications of automatic IP addressing depend on a number of factors. First, what exactly is getting virtualized? Is the whole server infrastructure being virtualized? Is it only a partial effort, or will it be a staggered approach that results in a gradual virtualization? If it's only a partial effort, which servers will be virtualized?

I'm biased in favor of having the network/security team in charge of all IP addressing, whether it be DHCP or statically assigned IP addresses. Eventually, every network/security team should have a grasp (if they don't have it already) of the overall picture in terms of the network topology, network policies, the current security posture and so on, meaning they are the most knowledgeable candidates to handle IP addressing.

The only pro I can see in favor of allowing the virtualization team to handle automatic IP addressing is that they would most likely have a better handle on what virtual IPs exist within the network. Still, halfway competent network/security teams should eventually gain a good grasp on virtual IPs too. So, the network/security team maintaining IP addressing responsibilities just makes more sense.

This was first published in April 2013

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: