Newsletters Welcome, Guest Log In | Register
Blogs:

Paul Mah

SMB Tech

Expert tech insight and advice for small businesses with big goals

About this Blogger RSS

< Previous | Next >

Subscribe

Sign up now and get the best business technology insights direct to your inbox.

  • Daily Edge
  • CTO Edge Update
  • Business Tools & Templates
  • Aligning IT & Business Goals
  • Maximizing IT Investments

2

Consider Assigning Static IPs for a Small LAN

Posted by Paul Mah Mar 20, 2009 1:35:08 PM

Today, I am going to make a suggestion that could well be tantamount to sacrilege for some - manually assigning IPs to the workstations on your corporate LAN. Before you close your browser or start crafting some nasty replies, though, let me first qualify that such a move is really applicable only for smaller LANs, and would certainly fall flat on its face to an administrator of an enterprise-sized network.

 

But why would you even want to do that?

 

Well, in case you haven't read about it yet, a new rash of malware has come into town. This particular Trojan aims to set up shop on just a single machine on your network, after which the malware positions itself as a rogue DHCP server on the compromised workstation. Now, DHCP, or dynamic host configuration protocol, is a standard protocol used to assign IP addresses as well as the address of the domain name server to machines on the network. What most administrators probably do not know is that DHCP works on an "accept-the-first-reply" basis. Assuming a workstation on your network gets infected, what this translates to is the probability that up to half the machines on your network could be using the information supplied by this rogue DHCP at any one time.

 

And this is where things get nasty. Because this rogue DHCP has been programmed to supply the address of rogue domain name servers, the result is that workstations can effectively be misdirected to malicious sites - to disastrous consequence.

 

And which is where my suggestion to manually assign IP address - or static IP - comes into play.

 

Now, there are certainly other ways to defend against such shenanigans at the network layer. However, it will probably entail the use of managed switches, or network monitoring devices - expensive equipment that you are less likely to have in a small and medium-sized business.

 

In such situations, manually assigning IP and DNS addresses of the workstations in your SMB will help protect your organization - at no additional cost at all. I shall share more in a later blog on some additional strategies you can employ should you use static IP.

Related Content

Add a comment Leave a comment on this blog post.
Mar 22, 2009 4:03 AM Guest Netbook Forum  says:

You could also just assign static DNS entries. While it is almost as much work as assigning static IPs themselves, it would take away the task of maintaining IP spreadsheets/lists.
Reply
Mar 23, 2009 2:08 AM Paul Mah Paul Mah    says in response to Netbook Forum:

Yes, this would certainly work.  And without the hassle of maintaining lists of IP addresses to boot.

Reply

Related Content

Browse

Topic: Network Security

Protect and preserve your network, your data and the life of your business

Blog: Communicating E-Commerce Security Efforts with Consumers

Article: NSF Problem Proves Basic Content Filtering No Longer Enough

White Paper: Bullet-Proofing Instant Messaging

Related Topics

LAN, Network Protocols, SMBs, Trojans

Featured White Papers

Browse

Buyer's Guide for Enterprise Single Sign-On

This white paper offers a thorough checklist that should enable potential ESSO implementers to deploy the right ESSO solution, to help eliminate sign-on problems, reduce helpdesk costs, maximize user productivity, strengthen security, simplify administration and accelerate regulatory compliance.

Seven Design Requirements for Web 2.0 Threat Prevention

This white paper outlines the new Web 2.0 threats, explains why most existing security solutions can't provide adequate protection, and proposes seven design requirements for Web 2.0 threat protection.

Resource Centers

Browse

Data Loss Protection

Data-loss prevention tactics, technologies and best practices to protect your sensitive and valuable company data.

Featured Whitepapers

Realizing Enhanced Productivity and Timely ROI from Your DLP Security Technology

Security Information and Event Management

Best practices, strategies and technologies to help you use security information and event log management efficiently and effectively in order to get business value in terms of increased security, reduced risk, regulatory compliance and increased business agility.

Featured Whitepapers

The Top Ten Insider Threats and How to Prevent Them

Security SaaS Solutions

Hosted security solutions that not only protect your data, but reduce your security management TCO, as well.

Featured Whitepapers

Why Security SaaS Makes Sense Today

Premium Tools

Browse

IT Security Manual Template

Immediately download a customizable set of documents and templates that covers every aspect of IT Security. These templates are compliant with ISO27000, HIPPAA and Sarbanes oxley standards.

Learn more >

The IT Governance and Compliance Toolkit

This Toolkit is a collection of templates and instructional documents that help you assess and establish the crucial policies that you need to operate a secure and compliant IT organization.

Learn more >