Showing posts with label DHCP. Show all posts

DHCP Security (Recommendations)


I decided to write this article about DHCP security features, which I recommend to all admins who are responsible for Domain Controllers, DHCP, DNS, NPS, PKI, etc. What I have observed in my career so far is that many administrators do not configure all DHCP security settings. Below I have mentioned some examples which I have experienced in my career.

1. We had a host record "WATCH" which was pointing to the IP address of a server. A user came in with his home MacBook and connected the office LAN cable to it. Our bad luck was that his MacBook's name was also "WATCH", and its IP address was replaced by the IP address of the MacBook.

2. We have a WiFi scope for visitors. One day, someone came for an interview and connected his iPad to our visitor WiFi. Suddenly our Exchange team emailed me that their "SPAM" server logs had stopped working and asked me to rectify it. When I checked, they had a DNS A record by the name of SPAM, which had been modified with a visitor WiFi IP address. After checking further, we found that the iPad of the visitor who came for the interview was named SPAM. UUUfffffff..

3. In my first organisation, there was a problem of duplicate host records, and most of the teams, like security, Exchange and SCCM, were totally fucked up due to this issue. The issue was that if you wanted to deploy something on system A, it used to go to system D. If you needed to run a script remotely on system D, it used to go to system G. Totally messed up.

Here are the settings which I recommend for every admin.
A. Let DHCP own DNS records.
B. Name Protection
C. Disable DNS record creation for some scopes.
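
One way to audit and apply settings A to C with the DhcpServer PowerShell module, as an added example that is not part of the original post. It assumes "let DHCP own DNS records" means always registering records on the client's behalf, and the visitor scope ID is a constructed placeholder.

```powershell
# Added example, not from the original post. Run on the DHCP server.
# Assumptions: $VisitorScopes holds a constructed placeholder scope ID, and
# setting A is interpreted as DynamicUpdates = Always.
Import-Module DhcpServer

# Scopes (visitor WiFi and similar) that must never create or change DNS records.
$VisitorScopes = @('192.0.2.0')   # constructed placeholder

# Set to $false to actually change the server; $true only previews the changes.
$Preview = $true

# 1. Audit: list the current DNS registration settings of every IPv4 scope.
Get-DhcpServerv4Scope | ForEach-Object {
    $dns = Get-DhcpServerv4DnsSetting -ScopeId $_.ScopeId
    [pscustomobject]@{
        ScopeId        = $_.ScopeId
        Name           = $_.Name
        DynamicUpdates = $dns.DynamicUpdates
        NameProtection = $dns.NameProtection
        DeleteOnExpiry = $dns.DeleteDnsRROnLeaseExpiry
    }
} | Format-Table -AutoSize

# 2. Apply the recommended settings scope by scope.
foreach ($scope in Get-DhcpServerv4Scope) {
    if ($VisitorScopes -contains $scope.ScopeId.ToString()) {
        # C. Untrusted scope: DHCP registers nothing in DNS, so a device named
        #    "SPAM" or "WATCH" cannot overwrite an existing server record.
        Set-DhcpServerv4DnsSetting -ScopeId $scope.ScopeId `
            -DynamicUpdates Never -WhatIf:$Preview
    }
    else {
        # A. DHCP always registers the records itself, and removes them when
        #    the lease expires, so stale duplicates do not pile up.
        # B. Name Protection: DHCP refuses to update a name that is already
        #    registered to a different client.
        Set-DhcpServerv4DnsSetting -ScopeId $scope.ScopeId `
            -DynamicUpdates Always `
            -NameProtection $true `
            -DeleteDnsRROnLeaseExpiry $true -WhatIf:$Preview
    }
}
```

Name Protection only guards names that the DHCP server registered itself; static A records such as the "WATCH" and "SPAM" examples are protected by keeping untrusted scopes out of DNS and by allowing only secure dynamic updates on the zone.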

Delegating DHCP Server Administration


Although it is easy to delegate DHCP server administration tasks, some admins still get confused because they treat DHCP delegation as AD delegation, or they don't know how to give DHCP delegation access to other users.

Very important to know.
It will not be possible to assign DHCP administration and monitoring privileges to other user accounts on the server.

So the question is how to do that. Whenever you install and configure the DHCP server role, by default it creates two Active Directory security accounts, "DHCP Administrators" and "DHCP Users".