Consider Assigning Static IPs for a Small LAN

Paul Mah

Today, I am going to make a suggestion that could well be tantamount to sacrilege for some - manually assigning IPs to the workstations on your corporate LAN. Before you close your browser or start crafting some nasty replies, though, let me first qualify that such a move is really applicable only to smaller LANs, and would certainly fall flat on its face for an administrator of an enterprise-sized network.

 

But why would you even want to do that?

 

Well, in case you haven't read about it yet, a new rash of malware has come into town. This particular Trojan aims to set up shop on just a single machine on your network, after which the malware positions itself as a rogue DHCP server on the compromised workstation. Now, DHCP, or Dynamic Host Configuration Protocol, is a standard protocol used to assign IP addresses, as well as the address of the domain name server, to machines on the network. What most administrators probably do not know is that DHCP works on an "accept-the-first-reply" basis. Assuming a workstation on your network gets infected, what this translates to is the possibility that up to half the machines on your network could be using the information supplied by this rogue DHCP server at any one time.

 

And this is where things get nasty. Because this rogue DHCP server has been programmed to supply the addresses of rogue domain name servers, the result is that workstations can effectively be misdirected to malicious sites - with disastrous consequences.

 

And this is where my suggestion to manually assign IP addresses - or static IPs - comes into play.


 

Now, there are certainly other ways to defend against such shenanigans at the network layer. However, they will probably entail the use of managed switches or network monitoring devices - expensive equipment that you are less likely to have in a small or medium-sized business.

 

In such situations, manually assigning the IP and DNS addresses of the workstations in your SMB will help protect your organization - at no additional cost at all. I shall share more in a later blog on some additional strategies you can employ should you use static IP.
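To make the rogue-DHCP behaviour described above concrete, the following is an added example (not part of the original post): it parses a raw DHCP payload and flags server OFFER/ACK replies whose server identifier or DNS servers are not on an allowlist. The allowlists, the addresses and the `build_reply` helper are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
OFFER, ACK = 2, 5                    # option 53 values sent by servers
# Assumed site policy (constructed values): the one real DHCP server and resolver.
ALLOWED_DHCP = {"192.168.1.1"}
ALLOWED_DNS = {"192.168.1.1"}

def parse_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def check_reply(payload: bytes) -> list:
    """Return findings for a server reply that violates the site policy."""
    opts = parse_options(payload)
    mtype = (opts.get(53) or b"\x00")[0]             # option 53 = message type
    if payload[0] != 2 or mtype not in (OFFER, ACK): # op 2 = BOOTREPLY
        return []
    sid = opts.get(54, b"")                          # option 54 = server identifier
    server = socket.inet_ntoa(sid) if len(sid) == 4 else "unknown"
    findings = [f"unexpected DHCP server {server}"] if server not in ALLOWED_DHCP else []
    dns = opts.get(6, b"")                           # option 6 = DNS servers, 4 bytes each
    for j in range(0, len(dns) - len(dns) % 4, 4):
        addr = socket.inet_ntoa(dns[j:j + 4])
        if addr not in ALLOWED_DNS:
            findings.append(f"unexpected DNS server {addr} offered by {server}")
    return findings

def build_reply(server: str, dns: list, msg_type: int = OFFER) -> bytes:
    """Construct a minimal sample reply (test data, not captured traffic)."""
    header = struct.pack("!BBBB", 2, 1, 6, 0) + bytes(232) + MAGIC_COOKIE
    dns_raw = b"".join(socket.inet_aton(a) for a in dns)
    return (header + bytes([53, 1, msg_type]) + bytes([54, 4]) + socket.inet_aton(server)
            + bytes([6, len(dns_raw)]) + dns_raw + b"\xff")
```
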




Mar 22, 2009 4:03 AM Netbook Forum says:

You could also just assign static DNS entries. While it is almost as much work as assigning static IPs themselves, it would take away the task of maintaining IP spreadsheets/lists.

Mar 23, 2009 2:08 AM Paul Mah says: in response to Netbook Forum

Yes, this would certainly work.  And without the hassle of maintaining lists of IP addresses to boot.
