Three easy steps to make the DHCP server airtight

Source: Internet
Author: User
Keywords Security DHCP server

DHCP is the abbreviation for Dynamic Host revisit Kyoto, which is one of the TCP/IP protocol clusters, and is used primarily to assign dynamic IP addresses to network clients. These assigned IP addresses are reserved by the DHCP server as a set of addresses consisting of multiple addresses, and they are generally a contiguous address. Most enterprise networks now use a DHCP server to uniformly assign TCP/IP configuration information to clients. This method not only reduces the daily maintenance workload of the network administrator, but also improves the security of the Enterprise network. However, the security of the DHCP server can not be ignored, it once the problem, it will affect the normal operation of the network, how to strengthen the management of the DHCP server, to ensure its security? In fact, a few simple steps can be achieved. The first step is to enable DHCP audit records what is going on in the DHCP server, the administrator can not detect by the naked eye, the easiest way is to view the Windows log, but be sure to enable the DHCP server audit logging feature, otherwise, You cannot find the corresponding record in Event Viewer. The author takes Windows 2000 Server for example, click "Start → program → admin tool →dhcp", pop-up DHCP console window, right click on your server, select "Properties" in the menu, Pop-up Properties Settings dialog box, switch to the "General" tab (Figure 1), make sure to select " Enable DHCP audit logging option, and then click OK. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' height=329 alt= ' "src="/files/uploadimg/20090203/ 0948100.jpg "width=300> Figure 1 start DHCP audit record This enables the DHCP server audit record, whose log files are saved by default in the" C:\WINNT\System32\dhcp "directory. To prevent rogue from malicious deletion of the log, you can modify the storage path of the DHCP log file. Switch to the Advanced tab (Figure 2), click the "Browse" button in the "Audit log path" bar, specify the location of the new log file, and then use the same method to modify the "database path" and finally click "OK". In this way, our DHCP logs are more secure. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' height=331 alt= ' "src="/files/uploadimg/20090203/0948101.jpg "Width=300> Figure 2 Modify the DHCP log save path Step two, specify DHCP management users in the enterprise network, in order to strengthen the management of the DHCP server, the network administrator specifies one or several users to administer the DHCP server. If the author wants to specify the account name "CCE" Users can manage DHCP, in Windows 2000 Server, access to the control Panel → Administrative Tools, run the Active Directory Users and Computers tool, in the pop-up window, click the "Users" option, Then locate the "DHCP Administrators" item in the right-hand box, right-click, select Properties, eject the DHCP Administrators Properties dialog box, switch to the Members tab, click the "Add" button, and add the "CCE" User to the list box. Finally click on the "OK" button, so that "CCE" users can manage the DHCP server. Step three, restrict DHCP management users if a network administrator accidentally fails to join other users to the DHCP administrative group, those users also have administrative rights to the DHCP server, which can also affect the security of the DHCP server. How do you restrict these DHCP management group users? Why not use the domain security policy to add a "double insurance" to the DHCP server. If the author only allows CCE users of the DHCP management group, the DHCP server has administrative rights, while other users have only read-only permissions. Go to control Panel → Administrative Tools, run the Domain Security Policy tool, eject the Security Policy Console window, expand Windows settings → security → restricted groups, and then right-click in the blank space in the right box, select Add Group, eject the Add Group dialog box, and then type in the column. DHCP Administrators ", click" OK "button. Then right click on "DHCP Administrators", select "Security", Pop-up Configuration Membership dialog box, click the "Add" button, add "CCE" user to the member list, finally click "OK". Through the above three steps, the DHCP server is more secure, interested readers friends, not to try.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.