DHCP versus Static IP
5 pts.
0
Q:
DHCP versus Static IP
The company I work for is planning on disabling the DHCP server and issue static IP addresses to all devices.  We have over 100 computers and wireless access points for laptops.  Has anyone ever heard of this approach to increase security?


 

ASKED: Oct 17 2009  4:18 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
0
47440 pts.
0
A:
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
  • AddThis Social Bookmark Button
People try this from time to time, but the management nightmare that this creates quickly gets people back to using DHCP. If you don't want your DHCP server issueing IPs to computers that it shouldn't setup a reservation for each computer. This way you can still use DHCP to manage everything, and when new computers are added to the network you simply adjust the scope, and setup a reservation.
Last Answered: Oct 17 2009  10:12 PM GMT by Mrdenny   47440 pts.
0
0
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Yasirirfan   2995 pts.  |   Oct 18 2009  4:44AM GMT

Yeah I agree with Mrdenny, DHCP is the best way to manage the IP address assignement, if you are using Static IP address then you have to document them so that no duplication occurs. As far as Management devices such as Servers, Switches , routers and access points are concerned static IPs are recommended.

 

KevinBeaver   7610 pts.  |   Oct 19 2009  12:37PM GMT

I can’t think of much value this would add from a security perspective. If anything it’ll just create more work on the network administration side and end up increasing business risks.

 

Sonotsky   660 pts.  |   Oct 19 2009  1:13PM GMT

Agreed with all responses to date.

If by “security”, management wants to know which IP is causing certain traffic (and by extension, which workstation), then reserved addresses in dhcp works well. Yes, it’s possible for the user to change their MAC to attempt to obtain a different IP, but if the user has that much access to their workstation, then I think the network is the wrong place to be looking to improve security…

 

Mshen   23905 pts.  |   Oct 19 2009  11:24PM GMT

Static addresses isn’t the best way to do it; there is too much administrative overhead and little added security. Look into Network Access Control (NAC), Switchport security on the switch, or MAC Access-lists on the switch.

 

Jayaram   135 pts.  |   Oct 22 2009  4:07PM GMT

Mrdenny,

1. A wireless device that gets within range of your wireless network equipment may be able to acquire an IP address from your router. this is for more security purpose.

2. For small networks like a home network, you can add some extra protection by turning off the DHCP, or automatic IP addressing, feature of the router and manually assigning static IP addresses.

At the end the above is for more security purpose.

 

mrdenny   47440 pts.  |   Oct 23 2009  6:53PM GMT

If you have wireless networks, those network should be secured using a key through WPA or WEP key so that if random people walk up to your WiFi network with a laptop they can’t connect to the network, and therefor can’t get an IP address.

If a corporate environment you can deploy the keys and SSID to the computer via GPO so that all company laptops can connect to the wireless without having to give the users the key.

 

Syphun   185 pts.  |   Oct 26 2009  7:56PM GMT

I so much agree with mrdenny, the basic fact remains that DHCP is the one and only way to create less work for the network admin and as well secure your network if you know the right things to do with your GPO on the server.
Static IP will only create more trouble. . . .STAY OFF IT if you can.. . . and i know you can. . .

 
0