DHCP vs Static IP Network

10 pts.
Tags:
DHCP
IP networks
Static IP address
Our security manager is trying to force us to move from a DHCP / Static network to a purely static IP network We have about 300 clients, 70 servers, and 9 offices each on a seperate subnet.

Is / has anyone out there had to move from a DHCP network to a static IP network?

Is anyone using just static IP's on their entire network?

Does this make any sense to folks out there?

I would appreciate any feed back what so ever. Thanks,



Software/Hardware used:
Microsoft windows domain, Cisco routers,

Answer Wiki

Thanks. We'll let you know when a new response is added.

Well if done right – DHCP should not be less secure than Static IPs. Both have their advantages and disadvantages. We use mixed setup – all workstations use DHCP for addressing, all servers use static IPs. To secure DHCP we’ve done couple of things such as static ARP entries on Cisco router for appropriate VLANs and DHCP Snooping on switches. Both static IPs and DHCP require some management effort. I think that DCHP is more secure than Static IP setup if it’s centrally managed. DHCP could be less secure when you allow anyone who just plugged into the wall to get an IP address and go with it, but this also applies to the Static IPs.

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Labnuke99
    DHCP improves client manageability significantly. It permits you to manage settings from a central location that otherwise would require visiting each and every machine. You could use DHCP with reservations and possibly gain the security that your security manager is looking for while improving the management of the network. If rogue clients are a concern, implement some type of network admission control or rogue detection sensor. Servers and resources like printers should always have static addresses. Clients that move between networks would have issues if they have a static IP address assigned at one site and need to be moved to another site. DHCP reservations could still work with clients that move between sites. The DHCP protocol will recognize what network the client is connected to and assign the correct address for that subnet. Using a statically assigned address would be a management problem for mobile clients. What is the security manager's reasoning for changing to static IP addresses? Is this the only role this person plays or do the support any client computers at these sites also? If they supported users, then their perspective might change.
    32,960 pointsBadges:
    report
  • petkoa
    In fact, DHCP vs. static IP problem has nothing to do with security... It's all about manageability, as Labnuke99 stated. With more than 300 clients it would be crazy to move from DHCP to static IPs. BR.
    3,120 pointsBadges:
    report
  • Chalker
    To use static ip addressing would seem to be a little unmanageble. As per previos post DHCP is very secure and far better to implement.
    60 pointsBadges:
    report
  • Kevin Beaver
    Yeah, this isn't a security issue. Have him/her to tell you what that's going to buy in terms of security. If anything it'll increase your business's security exposure by creating more complexity in the environment which will inevitably create unnecessary distractions that lead to oversights that lead to security risks. You get my drift.
    17,385 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following