Consider Assigning Static IPs for a Small LAN


Today, I am going to make a suggestion that could well be tantamount to sacrilege for some - manually assigning IPs to the workstations on your corporate LAN. Before you close your browser or start crafting some nasty replies, though, let me first qualify that such a move is really applicable only to smaller LANs, and would certainly fall flat on its face for an administrator of an enterprise-sized network.


But why would you even want to do that?


Well, in case you haven't read about it yet, a new rash of malware has come into town. This particular Trojan aims to set up shop on just a single machine on your network, after which the malware sets up the compromised workstation as a rogue DHCP server. Now, DHCP, or Dynamic Host Configuration Protocol, is a standard protocol used to assign IP addresses, as well as the address of the domain name server, to machines on the network. What most administrators probably do not know is that DHCP works on an "accept-the-first-reply" basis. Assuming a workstation on your network gets infected, what this translates to is the probability that up to half the machines on your network could be using the information supplied by this rogue DHCP server at any one time.


And this is where things get nasty. Because this rogue DHCP server has been programmed to supply the addresses of rogue domain name servers, the result is that workstations can effectively be misdirected to malicious sites - with disastrous consequences.


And this is where my suggestion to manually assign IP addresses - or static IPs - comes into play.


Now, there are certainly other ways to defend against such shenanigans at the network layer. However, they will probably entail the use of managed switches or network monitoring devices - expensive equipment that you are less likely to have in a small or medium-sized business.


In such situations, manually assigning the IP and DNS addresses of the workstations in your SMB will help protect your organization - at no additional cost at all. I shall share more in a later blog post on some additional strategies you can employ should you use static IPs.
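
To see what the rogue-server scenario above looks like on the wire, here is an added example (not part of the original post) that parses a DHCP reply payload and flags a server identifier or DNS server that is not on an allowlist. The addresses in `ALLOWED_SERVERS` and `ALLOWED_DNS` and the `build_reply` helper are assumptions constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Assumed site policy (constructed values): the legitimate DHCP server and resolvers.
ALLOWED_SERVERS = {"192.168.1.1"}
ALLOWED_DNS = {"192.168.1.1", "192.168.1.2"}

def parse_options(payload):
    """Return {option_code: value_bytes} from a BOOTP/DHCP payload (RFC 2131/2132)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        code = payload[i]
        if code == 0:                               # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def ips(raw):
    # Options 6 and 54 carry IPv4 addresses as consecutive 4-byte groups.
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw) - 3, 4)]

def audit_reply(payload):
    """Return findings for a DHCPOFFER/DHCPACK that violates the site policy."""
    opts = parse_options(payload)
    if payload[0] != 2 or opts.get(53) not in (b"\x02", b"\x05"):
        return []                                   # not a server OFFER (2) or ACK (5)
    findings = []
    server = ips(opts.get(54, b""))                 # option 54 = server identifier
    if not server or server[0] not in ALLOWED_SERVERS:
        findings.append(f"unexpected DHCP server {server[0] if server else 'unknown'}")
    for dns in ips(opts.get(6, b"")):               # option 6 = DNS servers
        if dns not in ALLOWED_DNS:
            findings.append(f"unexpected DNS server {dns}")
    return findings

def build_reply(server, dns_list, msg_type=2):
    """Construct a minimal sample reply (constructed test data, not a capture)."""
    pack = lambda ip: ipaddress.IPv4Address(ip).packed
    dns = b"".join(pack(d) for d in dns_list)
    opts = bytes([53, 1, msg_type, 54, 4]) + pack(server) + bytes([6, len(dns)]) + dns + b"\xff"
    return bytes([2, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + opts
```

The input to `audit_reply` is the UDP payload of a packet sent from port 67 to port 68, however you choose to capture it on a workstation.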