No announcement yet.

DHCP security

  • Filter
  • Time
  • Show
Clear All
new posts

  • DHCP security

    Is it possible to allow only PCs belonging to a certain domain to get DHCP addresses?

    I am trying to think how this is even possible since DHCP is broadcast based...

  • #2
    Re: DHCP security

    There's no way I know of to shore up access to DHCP itself. I mean, you could introduce some kind of NAC solution, to keep unauthorized machines from connecting to your network, but I don't imagine it is either cheap or easy.

    Is there some specific type of behavior you're trying to prevent?


    • #3
      Re: DHCP security

      If you are running 2008 or above, you could look into Network Access Protection (NAP) and see if it can be used this way (it is not designed for it, but will certainly work with DHCP clients and has a large number of rules for allowing/denying access)
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd

      ** Remember to give credit where credit is due and leave reputation points where appropriate **


      • #4
        Re: DHCP security

        It's definitely possible with NAP
        and may also be possible using IPSEC IIRC.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        Cruachan's Blog