Remote Support Software

Provide instant remote support to customers and employees:

Click here for a free trial

DHCP,DNS & Server Security

Hi,
1.How do i ensure that my DHCP server only issue IPs to machines that are in the domain? (that is a user cant just come and plug in a cable and receive an IP, you can also recommend a better solution to control this if any?)
2.What are some things that i should put in place to ensure security around windows servers against any internal intruder?

3. if am having my server firewall off does it mean am open to any attacks internally? (is firewall a must for security?)Meshax

Need to support users over the internet? click here try our remote control online beta






April 26th, 2012 11:48am
Hi Meshax-
Regarding #1, you can use MAC address-based filtering. It is a built-in feature to 2008 R2 and available as a download for previous versions of Windows Server. See the Windows DHCP Team blog article which covers the feature in detail:
http://blogs.technet.com/b/teamdhcp/archive/2007/10/03/dhcp-server-callout-dll-for-mac-address-based-filtering.aspx

Regarding #2, this is a pretty broad question. I generally prefer to answer broadly to such questions! I recommend looking at some of the core security concepts: a server patch process, role-based access control, encryption, physical security,
intrusion prevention, and logging/monitoring/auditing. For internal intruders, privilege escalation is a big concern. Physical security is also critical.
Regarding #3, a firewall will allow or deny network communication based on the rules and policies you configure. But it provides only one layer of a multi-layered security strategy. For example, let's assume you have a web server that listens
on port 80. You configure your firewall to only allow port 80 inbound (and some limited set of ports outbound [typical config]). An attacker can compromise the server on port 80 based on an unpatched server, an known or unknown exploit that
targets the web server or application, or via social engineering (gaining valid credentials). The firewall helps in such cases, but not much. If the attacker compromises the server and can execute code, he can go back out on port 80 (or test available
outbound ports until he finds one) and then send back whatever data he's looking for (that is available on the web server such as the SAM database or corporate intellectual property). So even with a firewall, you are still open to attacks both internally
and externally. The only way to close your serveers off to attacks is by taking them off of networks (including the internet)! But in general terms, always think about a multi-layered security strategy.
Brian



Need to support users over the internet? click here try our remote control online beta






April 26th, 2012 10:37pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics