Network Security

[uRock]

This is interesting... please do tell me why STATIC IP addressing would be "more secure" than dynamic.

In a home network environment, assigning static addresses also means that if one connects he/she has to figure out the gateway IP on his/her own because it is not being broadcasted making it much harder to get a base address to use for scanning.(with all the proper settings in place.)

[EJeanmaire]

In a home network environment, assigning static addresses also means that if one connects he/she has to figure out the gateway IP on his/her own because it is not being broadcasted making it much harder to get a base address to use for scanning.(with all the proper settings in place.)

It would be very easy to determine the gateway, no broadcasting required. Infact, 99.999% in a "home" environment that gateway IP is X.X.X.1 . If you want to talk corporate server environment and more complex netmasking we can do that too if you'd like.

Now I'll give you a reason why static is worse. I decide to compete with your computer for that IP address from the gateway resulting in a DOS.

[EJeanmaire]

My point moreso however is that using static or dynamic is a decision made based on your network requirements, not which is "more secure" as they both have pros and cons, which are mostly negligible from a security stand point.

What would have been a MUCH better point on her bullet list would have been the use of internal IP addressing inside the LAN instead of external IP addressing.

[uRock]

It would be very easy to determine the gateway, no broadcasting required. Infact, 99.999% in a "home" environment that gateway IP is X.X.X.1 . If you want to talk corporate server environment and more complex netmasking we can do that too if you'd like.

Now I'll give you a reason why static is worse. I decide to compete with your computer for that IP address from the gateway resulting in a DOS.

You are right about most home routers being something like 192.168.1.1, because most people don't make any changes to their routers.

You can't compete with my computer for its IP, unless you can find its MAC and spoof it. Then I'd notice it immediately and make the necessary changes.

[uRock]

My point moreso however is that using static or dynamic is a decision made based on your network requirements, not which is "more secure" as they both have pros and cons, which are mostly negligible from a security stand point.

What would have been a MUCH better point on her bullet list would have been the use of internal IP addressing inside the LAN instead of external IP addressing.

I agree.

[EJeanmaire]

You can't compete with my computer for its IP, unless you can find its MAC and spoof it. Then I'd notice it immediately and make the necessary changes.

You can certainly take someone's IP address in a static environment, as there is no central management of IP addressing (usually). You just respond to all the ARP requests that you are that address and if you beat out the computer to the request you would get the data (temporarily).

Now if we were talking dynamic, the gateway would be centrally storing the IP/MAC assignments, and I would have to spoof your MAC to play the fun DOS game.

[uRock]

You can certainly take someone's IP address in a static environment, as there is no central management of IP addressing (usually). You just respond to all the ARP requests that you are that address and if you beat out the computer to the request you would get the data (temporarily).

Now if we were talking dynamic, the gateway would be centrally storing the IP/MAC assignments, and I would have to spoof your MAC to play the fun DOS game.

My IPs are assigned to MAC addresses. I do have DHCP running. As I add a new device, I go in and give it a DHCP reservation. I only keep 1 extra IP open for visitors to use, which I randomly connect to the router to make sure it is not in use. I also use the logging features on my router.

[EJeanmaire]

My IPs are assigned to MAC addresses. I do have DHCP running. As I add a new device, I go in and give it a DHCP reservation. I only keep 1 extra IP open for visitors to use, which I randomly connect to the router to make sure it is not in use. I also use the logging features on my router.

You are using that dynamic DHCP blasphemy!! Previous poster would not be happy to see that you are not using the "less secure" ways, as static IP is the way to go.

Joking aside, I'm glad to see that you seem to have things pretty well set up and locked down.

[cariboo]

I set static ip addresses for most of the systems I use on a daily basis, I use the range from 192.168.1.200-254 for static ip addresses and 192.168.1.100-110 for dhcp addresses.

I have personally set the same static ip address on two computers by mistake, for the 15 minutes it took to realize what I'd done, I was getting really weird results. One of the systems is an iMac running Jaunty that I use for an mp3 player, and the other was a desktop system I was playing with, the music would stop and start for no rhyme or reason, and the desktop system would connect, and then drop the connection to the rest of the network.Pinging from an other system gave me different results every time I tried.

[uRock]

You are using that dynamic DHCP blasphemy!! Previous poster would not be happy to see that you are not using the "less secure" ways, as static IP is the way to go.

Joking aside, I'm glad to see that you seem to have things pretty well set up and locked down.

I live in Las Vegas. if you don't lock down your router here, the free loaders will bog your network.