Tuesday, December 8, 2015

What is DHCP Snooping ?

DHCP or Dynamic Host Configuration Protocol is a standardized network protocol that is used to dynamically distribute network parameters such as IP addresses to network devices. For example, when a network device in a network needs a IP address, it requests it to the DHCP server and automatically gets it, without intervention of the network administrator.

But, we have already discussed about attacks like ARP Spoofing Attack, where an attacker sends a falsified ARP message to link his IP address to the victim machine's MAC address and intercepts the traffic of the victim machine to steal sensitive information.

DHCP Snooping is a security measure using which we can prevent this type of attacks.

DHCP Snooping is a series of techniques applied on an existing DHCP infrastructure that works more like a firewall between untrusted hosts in the network and trusted DHCP servers.

What are trusted and untrusted hosts ?

In an enterprise network, a trusted host is a device which is under your administrative control. These trusted hosts include the switches, routers and servers in the network.

Any device which is beyond the firewall or outside the network is an untrusted host.

DHCP Snooping

DHCP Snooping, like a firewall, validates the DHCP messages and filters out the invalid ones.

Whenever it assigns a IP address to a untrusted host, maintains the information in a database. It makes sure hosts use only IP addresses assigned to them.

With DHCP Snooping, only a whitelist of IP addresses may access the network. The whitelist is configured in the switchport level and DHCP servers manage the access control.

An attacker controlled DHCP server can cause malfunction of the network or even can control it. DHCP Snooping prevents an attacker from adding their own DHCP servers to the network.

DHCP Snooping is a strong defense against ARP Spoofing attack. It checks the source IP address of ARP packets and if that IP address does not match with the IP address the network device has previously used, it drops the ARP packet.

Implementations of DHCP Snooping

There are a couple of implementations of DHCP Snooping. To mention a few :

  • Cisco catalyst switches have inbuilt DHCP Snooping capability
  • HP ProCurve switches also have DHCP Snooping capability
  • Brocade Communications Systems ICX-series switches and VDX products with layer-3 functionality are capable of running DHCP snooping
  • Avaya Ethernet Routing Switches are also capable of DHCP Snooping

So, be informed about all the security mechanisms so that you can protect your systems in a better way. And stay safe, stay secured.

No comments:

Post a Comment