Restrict client DHCP Leases

Jesse

Hi-

Is there a way in Windows 2000 to restrict unauthorized
DHCP client machines from receiving an IP address? I
am looking for a way to prevent rogue machines from being
on our internal network without being authorized. This
would greatly improve the security of our network,
especially preventing viruses coming from contractors'
laptops.

Any thoughts?

Thanks in advance,
Jesse
 
Marc Reynolds [MSFT]

DHCP does not have security of this type. The best you could do is to create
a DHCP reservation for each of your "authorized" clients and exclude any
unused addresses in your scope. When a "rogue" client plugs into the network
they won't be able to get an IP address.

Of course you need to realize that it is quite easy for someone to determine
the proper IP address range on your LAN and statically configure their rogue
client to work on your LAN. 802.1x security can help prevent this, but is
expensive as you need hardware that supports 802.1x authentication.
Perhaps the best thing you can do is to have a clear, strong network
security policy and make sure resources are locked down to only
authenticated, authorized users. That way when a "rogue" user does get
physical access on your LAN there is not much he/she can access.

--

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
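The reservation-plus-exclusion scheme Marc describes has one fiddly part: once every authorized client has a reservation, the exclusion ranges must cover every other address in the scope, or a rogue client still gets a dynamic lease from the gap. The script below is an added example, not code from the thread or from Microsoft. It computes those exclusion ranges from a reservation table, simulates the server's answer to a DHCPDISCOVER with and without the exclusions, and emits the matching `netsh dhcp` commands. The scope, MAC addresses and reservation table are constructed sample data; the `netsh dhcp server scope ... add reservedip` / `add excluderange` syntax is the Windows 2000/2003 netsh DHCP context as I recall it, so confirm it with `netsh dhcp server scope <ip> add ?` before pasting.

```python
"""DHCP reservations plus exclusions: leave nothing for a rogue client to lease."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IPv4 = ipaddress.IPv4Address
Range = Tuple[IPv4, IPv4]


@dataclass(frozen=True)
class Scope:
    """A DHCP scope: the subnet plus the address range the server hands out."""
    subnet: ipaddress.IPv4Network
    start: IPv4
    end: IPv4


def normalize_mac(mac: str) -> str:
    """Canonical '00-11-22-33-44-55' form for any common MAC notation."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def exclusion_ranges(scope: Scope, reservations: Dict[str, str]) -> List[Range]:
    """Ranges covering every address in the scope that is NOT reserved.

    Excluding all of them leaves no address for a dynamic lease, which is the
    point of the scheme: only clients with a reservation get an offer."""
    reserved = sorted(IPv4(ip) for ip in reservations.values())
    ranges: List[Range] = []
    cursor = scope.start
    for ip in reserved:
        if not (scope.start <= ip <= scope.end):
            raise ValueError(f"reservation {ip} lies outside the scope range")
        if ip > cursor:                       # gap before this reservation
            ranges.append((cursor, ip - 1))
        cursor = ip + 1
    if cursor <= scope.end:                   # tail after the last reservation
        ranges.append((cursor, scope.end))
    return ranges


def offer(scope: Scope, reservations: Dict[str, str], exclusions: List[Range],
          leased: Dict[str, str], client_mac: str) -> Optional[IPv4]:
    """Simulate the server's reply to a DHCPDISCOVER from client_mac.

    A reserved client always gets its reserved address. Anyone else gets the
    lowest scope address that is neither reserved, excluded nor already leased,
    or None when the pool is empty (no DHCPOFFER is sent)."""
    mac = normalize_mac(client_mac)
    if mac in reservations:
        return IPv4(reservations[mac])
    in_use = {IPv4(ip) for ip in reservations.values()}
    in_use |= {IPv4(ip) for ip in leased.values()}
    for n in range(int(scope.start), int(scope.end) + 1):
        addr = IPv4(n)
        if addr in in_use or any(lo <= addr <= hi for lo, hi in exclusions):
            continue
        return addr
    return None


def netsh_commands(scope: Scope, reservations: Dict[str, str],
                   exclusions: List[Range]) -> List[str]:
    """netsh dhcp lines that create the reservations and exclusions.

    Syntax is the Windows 2000/2003 'netsh dhcp server scope' context as
    recalled (assumption); netsh wants the MAC as bare hex digits."""
    prefix = f"netsh dhcp server scope {scope.subnet.network_address}"
    cmds = [f"{prefix} add reservedip {ip} {mac.replace('-', '')}"
            for mac, ip in reservations.items()]
    cmds += [f"{prefix} add excluderange {lo} {hi}" for lo, hi in exclusions]
    return cmds


# Constructed sample data: an 11-address scope with two authorized clients.
SCOPE = Scope(ipaddress.IPv4Network("192.168.10.0/24"),
              IPv4("192.168.10.10"), IPv4("192.168.10.20"))
RESERVATIONS = {
    normalize_mac("00:11:22:33:44:55"): "192.168.10.12",   # authorized desktop
    normalize_mac("AA-BB-CC-DD-EE-FF"): "192.168.10.15",   # authorized laptop
}
EXCLUSIONS = exclusion_ranges(SCOPE, RESERVATIONS)
ROGUE_MAC = "de:ad:be:ef:00:01"                            # contractor's laptop

if __name__ == "__main__":
    for cmd in netsh_commands(SCOPE, RESERVATIONS, EXCLUSIONS):
        print(cmd)
    print("rogue, no exclusions :", offer(SCOPE, RESERVATIONS, [], {}, ROGUE_MAC))
    print("rogue, with exclusions:", offer(SCOPE, RESERVATIONS, EXCLUSIONS, {}, ROGUE_MAC))
    print("authorized desktop    :", offer(SCOPE, RESERVATIONS, EXCLUSIONS, {}, "00-11-22-33-44-55"))
```

Run it and the rogue MAC gets 192.168.10.10 when the exclusions are missing and nothing once they are in place, while the reserved client still gets its address either way. Keep Marc's caveat in mind: this only stops a client that asks DHCP; a contractor who sets a static address in the excluded range is on the LAN regardless.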
 
nut cracker

What types of access are you worried about? People bringing their laptops
into work... using wireless cards... ???

To limit machines that can "plug in", DHCP reservations are more
administration, but will get the job done. If your problem is logical (like
with wireless cards), then set up a wireless VLAN that requires a client of
some kind to get through the perimeter device and onto the network.

Something like using the old Bay Networks, Nortel "instant internet"
routers and their little client tool thingy. You couldn't get past the
router to the internet (or other network segments) unless you had this
little tool, and it was "allowed" to get through the router.

NuTs