Network Security: DHCP and Rogue Devices

DHCP (Dynamic Host Configuration Protocol)

• Purpose: Assign IP addresses automatically.
• Process: Occurs every time a device connects to the network.
• Benefit: Network administrators don’t need to manually assign IP addresses.
• Security Issue: No inherent security; attackers can set up rogue DHCP servers.
  • Results in invalid or duplicate IP addresses.
  • Leads to intermittent or no connectivity for affected devices.

Preventing Rogue DHCP Servers

• Monitoring: Constantly monitor for unauthorized DHCP communication.
• DHCP Snooping: A switch feature that detects and blocks rogue DHCP servers.
• Microsoft Networks: Authorize DHCP servers in Active Directory.
• Actions if Rogue DHCP is found:
  • Disable the interface the rogue DHCP server is on.
  • Instruct devices to release and renew their IP leases.

Rogue Access Points

• Definition: Unauthorized wireless access points connected to the network.
• Concerns: Security risks due to potential unauthorized access.
• Installation: Easy to install, can be inexpensive, or can be created via wireless sharing on a device.
• Detection: Security teams perform periodic wireless surveys.
• Prevention: Enable 802.1x or Network Access Control (NAC).
  • Requires proper authentication before granting network access.

Wireless Evil Twin

• Definition: A malicious wireless access point designed to mimic legitimate ones.
• Purpose: Gather information from connected devices or perform phishing attacks.
• Characteristics:
  • Similar SSID and security settings as legitimate access points.
  • Strong radio signal to overpower legitimate access points.
• Risk Areas: Open Wi-Fi hotspots and public areas.
• Protection:
  • Use a Virtual Private Network (VPN).
  • Ensure all communication is encrypted (e.g., HTTPS).