Introduction
DHCP is the Dynamic Host Configuration Protocol and is vital to an enterprise or small business. Securing this protocol on your LAN is one of the things that helps your company take a defense in depth approach to security. DHCP is secured by using certain configurations for DHCP Snooping and Dynamic ARP Inspection (DAI).
The process a client goes through to obtain a dynamic IP address is called the DORA process. DORA is an acronym that stands for Discover, Offer, Request and Acknowledgement.
This process starts with the client sending a Discover request to find a DHCP server. The server then sends an Offer message to the client, offering the IP address it has set aside for that client. The client then sends a Request for that IP address, and the Acknowledgement from the server completes the DORA process.
APIPA
The Automatic Private IP Addressing range is the 169.254.X.X range and is used if there is a problem with the DHCP process for that client. When no DHCP server answers, the client assigns itself an address from this range so that it is not left without an IP address at all; it is a fallback, not a replacement for a working DHCP server.
Securing DHCP
There are some ways that you can secure DHCP using the IP Helper Address and DHCP trusted links. These work in conjunction with DAI and DHCP Snooping in order to provide the security needed for defense in depth on DHCP. With DHCP Snooping on Cisco devices, ports are marked as trusted (the ones leading to the DHCP server) or untrusted (client ports), and the switch builds a binding database of the IP address, MAC address, VLAN and port for each lease it sees on untrusted ports. DHCP server messages arriving on untrusted ports are dropped, which stops a rogue DHCP server on a client port.
In addition to DHCP Snooping there is Dynamic ARP Inspection, which validates ARP packets on untrusted ports against the trusted binding database. This prevents ARP spoofing and stops untrusted ARP traffic from being used maliciously in DHCP related attacks. Dynamic ARP Inspection is typically enabled together with DHCP Snooping, because it relies on the binding database that DHCP Snooping creates.
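An added example of how the pieces above fit together on a Cisco IOS access switch (this is an illustrative configuration written for this post, not taken from the original article; VLAN 10, the interface names, and the 10.10.10.0/24 and 10.0.0.5 addresses are assumed):

```cisco
! Turn on DHCP Snooping globally and for the client VLAN
ip dhcp snooping
ip dhcp snooping vlan 10
! Keep the binding database across reloads (path is an assumption)
ip dhcp snooping database flash:dhcp-snooping.db
! Dynamic ARP Inspection checks ARP on untrusted ports against the snooping bindings
ip arp inspection vlan 10
! Also check that the MAC/IP fields inside the ARP body are sane
ip arp inspection validate src-mac dst-mac ip
! Let ports that get shut down by a rate-limit violation recover automatically
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause arp-inspection
!
! Uplink toward the DHCP server: the only place server replies are allowed from
interface GigabitEthernet1/0/24
 description Uplink to distribution / DHCP server
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! Client ports stay untrusted (the default); rate limits blunt flooding attempts
interface range GigabitEthernet1/0/1 - 23
 description User access ports
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
 ip arp inspection limit rate 15
!
! The IP Helper Address forwards client broadcasts to the real DHCP server
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip helper-address 10.0.0.5
```

To check that it is working, use `show ip dhcp snooping` (trusted ports and VLANs), `show ip dhcp snooping binding` (the learned leases) and `show ip arp inspection vlan 10` (DAI state and drop counters); a client port that only ever shows up in the drop counters, never in the bindings, is worth investigating.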
Conclusion
By securing DHCP with the DAI and DHCP Snooping technology on Cisco devices, there is better defense in depth for this protocol. I have also been doing some things on TryHackMe and am now a top fan of TryHackMe, in addition to being ranked 7360 with 237 rooms completed and 35 badges.
I am posting this blog post on aaron597.com and will be able to post this one on Medium as well. There are some more technologies that I would like to write about regarding Cisco and Microsoft technologies. This is more of what I would like to write about on the aaron597.com blog.