Network security, DHCP, and Linux

I'm setting up a webserver using Linux, Apache, and a fixed IP address.

Clients connecting will be Windows XP Pro.  Their IP addresses are
assigned by DHCP.

The Linux security texts I've consulted talk about network security in
the context of fixed IPs.  That is, things like tcpwrappers, xinetd,
apache configuration files, and packet filtering in the kernel all
imply that one goes about letting hosts connect to the server based on
their IP address.

What to do if the addresses are assigned by DHCP?

TIA.


Re: Network security, DHCP, and Linux
On 6 Jul 2006 10:16:05 -0700
jqpx37@iprive.com wrote:

To get to know the pool of IP addresses assigned by DHCP.

M.


Re: Network security, DHCP, and Linux
In comp.security.firewalls jqpx37@iprive.com wrote:

Choose a local network. Filter fake traffic away on the zone border.
Allow this local network. Configure DHCP so that only addresses of this
local network are spread locally.

If you have to control physical access, do so - or use 802.1x or
something like that.

Yours,
VB.
--
"If you want to play with a piece of windows software that makes you
click all over the place, there's always minesweeper."

                    Kyle Stedman about "Personal Firewalls" in c.s.f
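
Added example, not part of any post in this thread: the two replies above both come down to knowing the DHCP pool and allowing only that range. A pool is usually not a single CIDR block, so this sketch converts a pool into the exact CIDR list and emits matching Apache 2.2-style and iptables allow rules. The pool 192.168.10.100-192.168.10.200 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample pool, as it would appear in ISC dhcpd.conf:
#   range 192.168.10.100 192.168.10.200;
POOL_FIRST, POOL_LAST = "192.168.10.100", "192.168.10.200"

def pool_to_cidrs(first, last):
    """Return the smallest list of CIDR blocks covering exactly first..last."""
    start = ipaddress.IPv4Address(first)
    end = ipaddress.IPv4Address(last)
    if start > end:
        raise ValueError("pool start is above pool end")
    return list(ipaddress.summarize_address_range(start, end))

def apache_rules(cidrs):
    """Host-based access block in Apache 2.0/2.2 syntax (default deny)."""
    lines = ["Order deny,allow", "Deny from all"]
    lines += [f"Allow from {c}" for c in cidrs]
    return lines

def iptables_rules(cidrs, port=80):
    """Accept the pool on the web port, then drop everything else to it."""
    lines = [f"iptables -A INPUT -p tcp --dport {port} -s {c} -j ACCEPT"
             for c in cidrs]
    lines.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return lines

def in_pool(addr, cidrs):
    """True if addr is an address the DHCP server could have handed out."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in c for c in cidrs)

if __name__ == "__main__":
    cidrs = pool_to_cidrs(POOL_FIRST, POOL_LAST)
    print("\n".join(apache_rules(cidrs)))
    print("\n".join(iptables_rules(cidrs)))
    # A statically configured address in the same /24 but outside the pool
    # is rejected, which a blanket "Allow from 192.168.10.0/24" would not do.
    print(in_pool("192.168.10.50", cidrs), in_pool("192.168.10.150", cidrs))
```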

Re: Network security, DHCP, and Linux
jqpx37@iprive.com (06-07-06 10:16:05):

You cannot authenticate users by their IP addresses, as they can be
faked easily.  Instead, set up OpenVPN [1] and do your DHCP assignments
there.  Still, every user has their own key, and you can authenticate by
that.

Better yet, use real, user-based authentication instead of host-based.
That's not only easier to set up, but also more secure and more
decentralized (users don't have to work on a fixed terminal to do their
work; they can switch easily).


Regards,
E.S.

Re: Network security, DHCP, and Linux


In comp.os.linux.networking jqpx37@iprive.com wrote:

You need to determine what your Security Policy needs to achieve, and
whether it is affected by the use of DHCP vs static IP addresses.

Until you've done this we cannot help you implement it.
Chris

Re: Network security, DHCP, and Linux


DHCP is a security nightmare. How can you stop people setting up
"rogue" DHCP servers?


--
            "Other people are not your property."
        [email me at huge [at] huge [dot] org [dot] uk]

Re: Network security, DHCP, and Linux


Not really, if you control your environment.

http://www.everything2.com/index.pl?node_id=1671072

cu
59cobalt
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Re: Network security, DHCP, and Linux


jqpx37@iprive.com wrote:
[...]
In future, please set the FUT field when crossposting!

--
Damian Szuberski
