Problem solve Get help with specific problems with your technologies, process and projects.

Prevent unauthorized systems from accessing your network

Right now I'm using Microsoft's DHCP service on a Windows 2000 Server. The problem is that anyone who plugs into the network can get an address. We would only like to give out IPs for those who have registered their MAC address with our IT department.
There are a couple of approaches to this. However, depending on the size of your environment, they may be cost prohibitive to implement. First, if you have maintained a registry of all MAC addresses in your environment, you can configure the DHCP server with nothing but reservations. This will ensure that the only systems that the DHCP server will service a DHCP request from are registered MAC addresses. However, in my opinion, the maintenance and upkeep of this would be virtually impossible.

An alternative is to address the issue with 802.1x port security in your switches. After all, I suspect that ultimately you want to prevent unauthorized systems from gaining access to your network -- not necessarily prevent them from getting an IP address from the DHCP server. 802.1x port security will ensure that only authenticated systems can access any network resources in your environment. 802.1x configurations depend on your switch vendors capabilities, but here is a set of instructions for Cisco 2950 and 2955 series switches. In addition, I covered 802.1x for Cisco IOS based switches in detail in chapter 9 of Hardening Network Infrastructure and would encourage you to check it out for more details.

Dig Deeper on Windows 10 security and management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.