DHCP, or Dynamic Host Configuration Protocol, is a standardized network protocol used to dynamically distribute network parameters such as IP addresses, subnet masks, default gateways and DNS servers to network devices. For example, when a device joining a network needs an IP address, it requests one from the DHCP server and receives a lease automatically, without intervention from the network administrator.
But we have already discussed attacks like the ARP Spoofing Attack, where an attacker sends falsified ARP messages to link the attacker's own MAC address to the victim machine's (or the default gateway's) IP address, so that traffic meant for the victim is delivered to the attacker, who intercepts it to steal sensitive information.
DHCP Snooping is a security measure that helps prevent this type of attack. It does not inspect ARP traffic itself; rather, it builds the trusted record of which IP address was leased to which MAC address on which switch port, and the features that do inspect ARP and IP traffic on the switch (Dynamic ARP Inspection and IP Source Guard) consult that record.
DHCP Snooping is a set of techniques applied on the access switch to an existing DHCP infrastructure. It works much like a firewall between untrusted hosts in the network and trusted DHCP servers.
What are trusted and untrusted hosts?
Strictly speaking, DHCP Snooping classifies switch ports rather than hosts. In an enterprise network, a trusted port is one that leads to a device under your administrative control: the uplinks towards other switches and routers, and the ports towards the DHCP servers themselves. Only a trusted port is allowed to carry DHCP server messages.
Every other port, in particular the access ports where end-user machines, printers or visitor laptops plug in, is untrusted, whether or not those devices are physically inside your network. A DHCP server message arriving on an untrusted port is never legitimate.
DHCP Snooping
DHCP Snooping, like a firewall, validates the DHCP messages passing through the switch and filters out the invalid ones.
Whenever the DHCP server assigns an IP address to a host on an untrusted port, the switch records the lease (client MAC address, assigned IP address, lease time, VLAN and port) in the DHCP snooping binding database. Using that database, the switch can make sure hosts use only the IP addresses that were actually assigned to them.
So with DHCP Snooping, the binding database acts as a whitelist of IP-to-MAC-to-port mappings that other switch features enforce. The trust setting is configured at the switchport level, and the DHCP servers, reachable only through trusted ports, remain the sole authority on which addresses are handed out.
An attacker-controlled (rogue) DHCP server can disrupt the network or even take control of it, for example by handing out its own address as the clients' default gateway or DNS server and so routing their traffic through the attacker's machine. DHCP Snooping prevents an attacker from adding their own DHCP server to the network: DHCPOFFER, DHCPACK and DHCPNAK messages arriving on an untrusted port are dropped, so clients only ever hear the real servers behind trusted ports.
DHCP Snooping is also the foundation of a strong defense against the ARP Spoofing attack. With Dynamic ARP Inspection enabled, the switch checks the sender IP and MAC address in every ARP packet received on an untrusted port against the snooping binding database; if the pair does not match the address that host was actually leased on that port, the ARP packet is dropped. A companion feature, IP Source Guard, applies the same check to ordinary IP packets, so a host cannot source traffic from an address it was never assigned.
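To make the mechanism concrete, here is a small Python model of the checks a DHCP-snooping switch performs; it is an added example, not code from the original post or from any vendor's implementation. The port names (Gi1/0/1, Gi1/0/2, Gi1/0/24), MAC and IP addresses and the message sequence are constructed for illustration, and the model keeps only the DHCP fields the checks need (the message type from option 53, chaddr and yiaddr).

```python
# Added example, not code from the original post or any vendor: a toy model of
# the checks a DHCP-snooping switch performs. Port names, addresses and the
# message sequence in scenario() are constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# DHCP message types carried in option 53 (RFC 2132)
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNAK, DHCPRELEASE = 1, 2, 3, 5, 6, 7
SERVER_MESSAGES = {DHCPOFFER, DHCPACK, DHCPNAK}   # only servers may send these


@dataclass
class Dhcp:
    """The DHCP fields a snooping switch inspects (simplified)."""
    msg_type: int
    chaddr: str       # client hardware address inside the DHCP payload
    yiaddr: str = ""  # address handed out by the server in OFFER/ACK


@dataclass
class Arp:
    sender_mac: str
    sender_ip: str


@dataclass
class SnoopingSwitch:
    trusted_ports: Set[str]
    # binding database: client MAC -> (leased IP, access port the client is on)
    bindings: Dict[str, Tuple[str, str]] = field(default_factory=dict)
    # clients with a DISCOVER/REQUEST in flight, so an ACK can be tied to a port
    pending: Dict[str, str] = field(default_factory=dict)

    def dhcp(self, port: str, eth_src: str, m: Dhcp) -> str:
        """Return 'forward' or 'drop: <reason>' for a DHCP message seen on port."""
        mac = m.chaddr.lower()
        if port in self.trusted_ports:
            if m.msg_type == DHCPACK and mac in self.pending:
                # lease confirmed by a trusted server: record MAC, IP and port
                self.bindings[mac] = (m.yiaddr, self.pending.pop(mac))
            elif m.msg_type == DHCPNAK:
                self.pending.pop(mac, None)
            return "forward"
        # untrusted port: only client-side messages are legitimate here
        if m.msg_type in SERVER_MESSAGES:
            return "drop: server message on untrusted port (rogue DHCP server)"
        if eth_src.lower() != mac:
            return "drop: Ethernet source MAC does not match chaddr"
        if m.msg_type == DHCPRELEASE:
            if self.bindings.get(mac, ("", ""))[1] != port:
                return "drop: RELEASE for a lease not bound to this port"
            del self.bindings[mac]
        elif m.msg_type in (DHCPDISCOVER, DHCPREQUEST):
            self.pending[mac] = port
        return "forward"

    def arp(self, port: str, a: Arp) -> str:
        """Dynamic ARP Inspection: sender IP/MAC must match a snooped binding."""
        if port in self.trusted_ports:
            return "forward"
        if self.bindings.get(a.sender_mac.lower()) != (a.sender_ip, port):
            return "drop: ARP sender %s/%s has no binding on %s" % (
                a.sender_ip, a.sender_mac, port)
        return "forward"

    def ip(self, port: str, src_mac: str, src_ip: str) -> str:
        """IP Source Guard: an untrusted host may only source its leased address."""
        if port in self.trusted_ports:
            return "forward"
        if self.bindings.get(src_mac.lower()) != (src_ip, port):
            return "drop: %s is not leased to %s on %s" % (src_ip, src_mac, port)
        return "forward"


def scenario():
    """Constructed traffic: a legitimate lease, a rogue server and an ARP spoof."""
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/24"})  # uplink to the real DHCP server
    server, victim, attacker = "00:11:22:33:44:55", "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    out = [
        # victim on Gi1/0/1 leases 10.0.0.10 from the server behind the trusted port
        sw.dhcp("Gi1/0/1", victim, Dhcp(DHCPDISCOVER, victim)),
        sw.dhcp("Gi1/0/24", server, Dhcp(DHCPOFFER, victim, "10.0.0.10")),
        sw.dhcp("Gi1/0/1", victim, Dhcp(DHCPREQUEST, victim)),
        sw.dhcp("Gi1/0/24", server, Dhcp(DHCPACK, victim, "10.0.0.10")),
        # attacker on Gi1/0/2 poses as a DHCP server: OFFER dropped
        sw.dhcp("Gi1/0/2", attacker, Dhcp(DHCPOFFER, victim, "10.0.0.99")),
        # attacker tries to release the victim's lease: chaddr/MAC mismatch, dropped
        sw.dhcp("Gi1/0/2", attacker, Dhcp(DHCPRELEASE, victim)),
        # attacker claims the victim's IP in ARP (ARP spoofing): dropped by DAI
        sw.arp("Gi1/0/2", Arp(attacker, "10.0.0.10")),
        # the victim's own ARP matches its binding and passes
        sw.arp("Gi1/0/1", Arp(victim, "10.0.0.10")),
        # attacker sources IP packets from the victim's address: dropped by IPSG
        sw.ip("Gi1/0/2", attacker, "10.0.0.10"),
    ]
    return sw, out


if __name__ == "__main__":
    switch, decisions = scenario()
    print("\n".join(decisions))
    print("binding database:", switch.bindings)
```

Running the module prints one decision per message: the victim's four-way exchange is forwarded, the rogue DHCPOFFER and the forged DHCPRELEASE are dropped on the untrusted port, and the attacker's ARP and IP traffic claiming 10.0.0.10 is dropped because the binding database ties that address to the victim's MAC on Gi1/0/1. On a real switch the corresponding checks are enabled per VLAN and the trust setting per interface; the model omits lease expiry and VLAN tracking to stay short.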
Implementations of DHCP Snooping
Several switch vendors implement DHCP Snooping. To mention a few:
- Cisco Catalyst switches have built-in DHCP Snooping capability
- HP ProCurve switches also have DHCP Snooping capability
- Brocade Communications Systems ICX-series switches and VDX products with layer-3 functionality are capable of running DHCP Snooping
- Avaya Ethernet Routing Switches are also capable of DHCP Snooping
So, stay informed about these security mechanisms so that you can protect your systems better. And stay safe, stay secured.