Our security manager is trying to force us to move from a DHCP / static network to a purely static IP network. We have about 300 clients, 70 servers, and 9 offices, each on a separate subnet.
Has anyone out there had to move from a DHCP network to a static IP network?
Is anyone using just static IPs on their entire network?
Does this make any sense to folks out there?
I would appreciate any feedback whatsoever. Thanks,
Software/Hardware used:
Microsoft Windows domain, Cisco routers
ASKED:
December 15, 2009 9:31 PM
UPDATED:
December 22, 2009 2:56 PM
DHCP improves client manageability significantly. It permits you to manage settings from a central location that otherwise would require visiting each and every machine. You could use DHCP with reservations and possibly gain the security that your security manager is looking for while improving the management of the network. If rogue clients are a concern, implement some type of network admission control or rogue detection sensor.
Servers and resources like printers should always have static addresses. Clients that move between networks would have issues if they have a static IP address assigned at one site and need to be moved to another site. DHCP reservations could still work with clients that move between sites. The DHCP protocol will recognize what network the client is connected to and assign the correct address for that subnet. Using a statically assigned address would be a management problem for mobile clients.
What is the security manager’s reasoning for changing to static IP addresses? Is this the only role this person plays, or do they support any client computers at these sites also? If they supported users, then their perspective might change.
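Added example (not part of the original thread and not any poster's code): a small Python model of the behaviour the answer above describes, where the scope is chosen from the subnet the request arrives on, the reservation for that MAC on that subnet is returned, and leases without a matching reservation are listed for review. The scopes, MAC addresses, lease rows and function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: two office scopes with per-scope reservations (MAC -> IP).
SCOPES = {
    "10.1.0.0/24": {"00:11:22:33:44:55": "10.1.0.50"},
    "10.2.0.0/24": {"00:11:22:33:44:55": "10.2.0.50",
                    "66:77:88:99:aa:bb": "10.2.0.51"},
}

def norm(mac):
    """Normalise MAC notation (00-11-.., 0011.2233.., 00:11:..) to lower-case colon form."""
    h = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(h) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(h[i:i + 2] for i in range(0, 12, 2))

def select_scope(relay_ip):
    """Pick the scope containing the relay (giaddr) address the request came through."""
    addr = ipaddress.ip_address(relay_ip)
    for cidr in SCOPES:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None

def reserved_address(relay_ip, mac):
    """Reservation-only policy: the reserved IP for this MAC on this subnet, else None."""
    scope = select_scope(relay_ip)
    if scope is None:
        return None
    return SCOPES[scope].get(norm(mac))

def audit_leases(leases):
    """Return (scope, mac, leased_ip, reserved_ip) for leases that match no reservation."""
    findings = []
    for scope, mac, ip in leases:
        expected = SCOPES.get(scope, {}).get(norm(mac))
        if expected != ip:
            findings.append((scope, norm(mac), ip, expected))
    return findings

# Constructed lease export, shaped like rows pulled from a DHCP server's lease table.
LEASES = [
    ("10.1.0.0/24", "00-11-22-33-44-55", "10.1.0.50"),   # matches its reservation
    ("10.2.0.0/24", "66:77:88:99:AA:BB", "10.2.0.51"),   # matches its reservation
    ("10.2.0.0/24", "DE:AD:BE:EF:00:01", "10.2.0.120"),  # no reservation on file
]

if __name__ == "__main__":
    for finding in audit_leases(LEASES):
        print("unreserved lease:", finding)
```

A reservation keys on the MAC address the client presents, so this audit is an inventory check and does not authenticate the device; that is the job of the network admission control mentioned above.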
In fact, the DHCP vs. static IP problem has nothing to do with security… It’s all about manageability, as Labnuke99 stated.
With more than 300 clients it would be crazy to move from DHCP to static IPs.
BR.
To use static IP addressing would seem to be a little unmanageable.
As per the previous post, DHCP is very secure and far better to implement.
Yeah, this isn’t a security issue. Have him/her tell you what that’s going to buy in terms of security. If anything it’ll increase your business’s security exposure by creating more complexity in the environment which will inevitably create unnecessary distractions that lead to oversights that lead to security risks. You get my drift.