Q

Dynamic Host Configuration Protocol and security

What security considerations should I take into account when using Dynamic Host Configuration Protocol (DHCP) in a wide area network and local area network? Are there tools for securing DHCP?


There are two primary security concerns with DHCP. The first is in regard to who is allowed to obtain an IP address from your DHCP server. The second is protecting the DHCP server itself.

Most companies have taken the approach of simply trying to physically protect the access points to their network. If an intruder could physically connect to the network, he could get an IP address from the DHCP server. This becomes even more of an issue if you are using wireless access.

Others have attempted to solve this problem by using DHCP software that allows them to specify the Media Access Control address of the adapters allowed to obtain an IP address. This can be a high-maintenance solution if there is a lot of turnover in the equipment used on your network.

The DHCP server must be protected as well. It should not be accessible from the Internet. Some of the primary attacks against the DHCP servers have been denial-of-service (DoS) attacks. The DoS attacks can use up all the available IP addresses that the server can allocate, thus denying legitimate hosts the opportunity to get an IP address.

A decent paper written by Lasse Sundstrom on DHCP and related security problems can be found at http://www.cs.hut.fi/~ljs/dhcp/dhcp.pdf.


This was first published in July 2001

Dig deeper on Configuration Management Planning

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close