niXforums Forum Index
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   PreferencesPreferences   Log in to check your private messagesLog in to check your private messages   Log inLog in 
·  nixdoc.net ·  man pages ·  Linux HOWTOs ·  FreeBSD Tips ·  Forums
navigation Forum index » *nix » Linux » security
Network security, DHCP, and Linux
Post new topic   Reply to topic Page 1 of 1 [8 Posts] View previous topic :: View next topic
Author Message
jqpx37
*nix forums beginner


Joined: 08 Jun 2006
Posts: 10

PostPosted: Thu Jul 06, 2006 5:16 pm    Post subject: Network security, DHCP, and Linux Reply with quote
I'm setting up a webserver using Linux, Apache, and a fixed IP address.

Clients connecting will be Windows XP Pro. Their IP addresses are
assigned by DHCP.

The Linux security texts I've consulted talk about network security in
the context of fixed IPs. That is, things like tcpwrappers, xinetd,
apache configuration files, and packet filtering in the kernel all
imply that one goes about letting hosts connect to the server based on
their IP address.

What to do if the addresses are assigned by DHCP?

TIA.
Back to top
Mikhail Zotov
*nix forums Guru Wannabe


Joined: 28 Feb 2005
Posts: 134

PostPosted: Thu Jul 06, 2006 5:31 pm    Post subject: Re: Network security, DHCP, and Linux Reply with quote
On 6 Jul 2006 10:16:05 -0700
jqpx37@iprive.com wrote:
Quote:
Clients connecting will be Windows XP Pro. Their IP addresses are
assigned by DHCP.

....

What to do if the addresses are assigned by DHCP?

To get to know the pool of IP addresses assigned by DHCP.

M.
Back to top
Volker Birk
*nix forums beginner


Joined: 01 Aug 2005
Posts: 6

PostPosted: Thu Jul 06, 2006 7:39 pm    Post subject: Re: Network security, DHCP, and Linux Reply with quote
In comp.security.firewalls jqpx37@iprive.com wrote:
Quote:
The Linux security texts I've consulted talk about network security in
the context of fixed IPs. That is, things like tcpwrappers, xinetd,
apache configuration files, and packet filtering in the kernel all
imply that one goes about letting hosts connect to the server based on
their IP address.
What to do if the addresses are assigned by DHCP?

Choose a local network. Filter fake traffic away on the zone border.
Allow this local network. Configure DHCP so that only addresses of this
local network are spread locally.

If you have to control physical access, do so - or use 802.1x or
something like that.

Yours,
VB.
--
"If you want to play with a piece of windows software that makes you
click all over the place, there's always minesweeper."

Kyle Stedman about "Personal Firewalls" in c.s.f
Back to top
Ertugrul Soeylemez
*nix forums Guru Wannabe


Joined: 28 Oct 2005
Posts: 126

PostPosted: Thu Jul 06, 2006 11:18 pm    Post subject: Re: Network security, DHCP, and Linux Reply with quote
jqpx37@iprive.com (06-07-06 10:16:05):

Quote:
I'm setting up a webserver using Linux, Apache, and a fixed IP address.

Clients connecting will be Windows XP Pro. Their IP addresses are
assigned by DHCP.

The Linux security texts I've consulted talk about network security in
the context of fixed IPs. That is, things like tcpwrappers, xinetd,
apache configuration files, and packet filtering in the kernel all
imply that one goes about letting hosts connect to the server based on
their IP address.

What to do if the addresses are assigned by DHCP?

You cannot authenticate users by their IP addresses, as they can be
faked easily. Instead, set up OpenVPN [1] and do your DHCP assignments
there. Still, every user has their own key, and you can authenticate by
that.

Better yet, use real, user-based authentication instead of host-based.
That's not only easier to set up, but also more secure and more
decentral (users don't have to work on a fixed terminal to do their
work; they can switch easily).


Regards,
E.S.
Back to top
chris-usenet@roaima.co.uk
*nix forums Guru Wannabe


Joined: 21 Jul 2005
Posts: 127

PostPosted: Fri Jul 07, 2006 8:42 am    Post subject: Re: Network security, DHCP, and Linux Reply with quote
In comp.os.linux.networking jqpx37@iprive.com wrote:
Quote:
I'm setting up a webserver using Linux, Apache, and a fixed IP address.

Clients connecting will be Windows XP Pro [...] assigned by DHCP.

The Linux security texts I've consulted talk about network security in
the context of fixed IPs. [...]

What to do if the addresses are assigned by DHCP?

You need to determine what your Security Policy needs to achieve, and
whether it is affected by the use of DHCP vs static IP addresses.

Until you've done this we cannot help you implement it.
Chris
Back to top
Damian 'LegioN' Szuberski
*nix forums beginner


Joined: 07 Jul 2006
Posts: 1

PostPosted: Fri Jul 07, 2006 1:03 pm    Post subject: Re: Network security, DHCP, and Linux Reply with quote
jqpx37@iprive.com wrote:
[...]
In future please set FUT field with crosspost!

--
Damian Szuberski
Back to top
Huge
*nix forums Guru Wannabe


Joined: 22 Feb 2005
Posts: 188

PostPosted: Sat Jul 08, 2006 8:36 am    Post subject: Re: Network security, DHCP, and Linux Reply with quote
On 2006-07-07, Chris Davies <chris-usenet@roaima.co.uk> wrote:
Quote:
In comp.os.linux.networking jqpx37@iprive.com wrote:
I'm setting up a webserver using Linux, Apache, and a fixed IP address.

Clients connecting will be Windows XP Pro [...] assigned by DHCP.

The Linux security texts I've consulted talk about network security in
the context of fixed IPs. [...]

What to do if the addresses are assigned by DHCP?

You need to determine what your Security Policy needs to achieve, and
whether it is affected by the use of DHCP vs static IP addresses.

Until you've done this we cannot help you implement it.

DHCP is a security nightmare. How can you stop people setting up
"rogue" DHCP servers?


--
"Other people are not your property."
[email me at huge [at] huge [dot] org [dot] uk]
Back to top
Ansgar -59cobalt- Wiecher
*nix forums beginner


Joined: 08 Jul 2006
Posts: 1

PostPosted: Sat Jul 08, 2006 5:02 pm    Post subject: Re: Network security, DHCP, and Linux Reply with quote
In comp.security.firewalls Huge <Huge@nowhere.much.invalid> wrote:
Quote:
On 2006-07-07, Chris Davies <chris-usenet@roaima.co.uk> wrote:
You need to determine what your Security Policy needs to achieve, and
whether it is affected by the use of DHCP vs static IP addresses.

Until you've done this we cannot help you implement it.

Not really, if you control your environment.

Quote:
How can you stop people setting up "rogue" DHCP servers?

http://www.everything2.com/index.pl?node_id=1671072

cu
59cobalt
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
Back to top
Google
Back to top
Display posts from previous:   
Post new topic   Reply to topic Page 1 of 1 [8 Posts] View previous topic :: View next topic
The time now is Sun Nov 23, 2008 11:11 am | All times are GMT
navigation Forum index » *nix » Linux » security
Jump to:  

Similar Topics
Topic Author Forum Replies Last Post
No new posts Help required for configuring the VPN Server in Linux SHERDIL security 0 Sun Nov 19, 2006 2:22 pm
No new posts make printer network available Johann Höchtl networking 0 Fri Jul 21, 2006 9:01 am
No new posts [MailServer Notification]Security Notification <marcorisi@finsiel.it& devel 0 Fri Jul 21, 2006 8:10 am
No new posts 2 USB webcams on Linux 2.6.15.4 produce a hang Suyog hardware 1 Fri Jul 21, 2006 7:27 am
No new posts Is there C/C++ corresponding function in Linux for Java's... xiebopublic@gmail.com apps 4 Fri Jul 21, 2006 3:22 am

Mortgage | Record Internet Radio with Tags | Credit Cards | Mortgages | MPAA
Copyright © 2004-2005 DeniX Solutions SRL
 
Other DeniX Solutions sites: Unix/Linux blog |  electronics forum |  medicine forum |  science forum | 
Privacy Policy


Powered by phpBB © 2001, 2005 phpBB Group

[ Time: 0.2851s ][ Queries: 16 (0.1925s) ][ GZIP on - Debug on ]