Q

Prevent unauthorized systems from accessing your network

Right now I'm using Microsoft's DHCP service on a Windows 2000 Server. The problem is that anyone who plugs into the network can get an address. We would only like to give out IPs for those who have registered their MAC address with our IT department.
There are a couple of approaches to this. However, depending on the size of your environment, they may be cost prohibitive to implement. First, if you have maintained a registry of all MAC addresses in your environment, you can configure the DHCP server with nothing but reservations. This will ensure that the only systems that the DHCP server will service a DHCP request from are registered MAC addresses. However, in my opinion, the maintenance and upkeep of this would be virtually impossible.

An alternative is to address the issue with 802.1x port security in your switches. After all, I suspect that ultimately you want to prevent unauthorized systems from gaining access to your network -- not necessarily prevent them from getting an IP address from the DHCP server. 802.1x port security will ensure that only authenticated systems can access any network resources in your environment. 802.1x configurations depend on your switch...

vendors capabilities, but here is a set of instructions for Cisco 2950 and 2955 series switches. In addition, I covered 802.1x for Cisco IOS based switches in detail in chapter 9 of Hardening Network Infrastructure and would encourage you to check it out for more details.

This was first published in February 2005
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close