Implement rigorous physical and perimeter security for your network and be
vigilant in maintaining such security.
Upgrade any lingering Windows NT domains so you can make use of the DHCP
server authorization feature of Active Directory.
Avoid using Windows 2000 or Windows Server 2003 domain controllers as DHCP
servers.
Use reservations for assigning addresses of critical servers on your
network, or use static addresses for them instead.
Rigorous physical security i.e. no unsecured wall jacks, locked doors, staff
trained to recognize social engineering attempts, and so on.
-----Original Message-----
From: Paul Aviles [mailto:paviles (at) adjoined (dot) com [email concealed]]
Sent: 19 January 2005 22:30
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: [Maybe Spam] Dhcp security
I have a weird question maybe. Is there a way to prevent our DHCP from
giving leases to computers not in our domain? I don't want anyone that
walks in to just connect and have the possibility of a network viruses
getting loose. Is this possible?
My setup is a typical AD 2K environment, simple domain no empty root.
vigilant in maintaining such security.
Upgrade any lingering Windows NT domains so you can make use of the DHCP
server authorization feature of Active Directory.
Avoid using Windows 2000 or Windows Server 2003 domain controllers as DHCP
servers.
Use reservations for assigning addresses of critical servers on your
network, or use static addresses for them instead.
Rigorous physical security i.e. no unsecured wall jacks, locked doors, staff
trained to recognize social engineering attempts, and so on.
-----Original Message-----
From: Paul Aviles [mailto:paviles (at) adjoined (dot) com [email concealed]]
Sent: 19 January 2005 22:30
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: [Maybe Spam] Dhcp security
I have a weird question maybe. Is there a way to prevent our DHCP from
giving leases to computers not in our domain? I don't want anyone that
walks in to just connect and have the possibility of a network viruses
getting loose. Is this possible?
My setup is a typical AD 2K environment, simple domain no empty root.
Thanks
Paul
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]