DHCP Security

Applies To: Windows Server 2008

DHCP is an unauthenticated protocol, which means that when users connect to the network they are not required to provide credentials in order to obtain a lease. An unauthenticated user can obtain a lease for any DHCP client whenever a DHCP server is available to provide a lease, and any option values that the DHCP server provides with the lease, such as WINS server or DNS server IP addresses, are available to the unauthenticated user. If the DHCP client is identified as a member of a user class or vendor class, the options that are associated with the class are also available.

For more information about how DHCP interacts with other networking technologies, including DNS, WINS, and AD DS, see DHCP Interoperability in this guide.

Security design

Because of the unauthenticated nature of DHCP, the first step in designing a secure address allocation service is to limit the number of people authorized to have either physical or logical access to the address allocation server and to ensure that unauthorized persons do not have physical or wireless access to the network.

DHCP servers provide a core infrastructure service to all clients. In an organization that relies on DHCP to provide IP addresses to clients, any interruption to the service can cause costly downtime. Unknown or rogue DHCP servers introduced into the network of a large organization can lead to very serious problems.

A rogue DHCP server is an unauthorized system running DHCP software that might configure clients with incorrect IP addresses or reject client renewal requests. The presence of a rogue DHCP server can be malicious or simply the result of someone mistakenly installing the software without understanding its function. In either case, however, clients that obtain a configuration lease from an unauthorized server might fail to locate valid domain controllers and be unable to log on to the network.

The following topics describe security measures to keep unauthorized DHCP servers off your network and protect against unsecured DNS resource records:

Important

You should enable audit logging for every DHCP server on your network; this provides the information required to track the source of any attacks made against the DHCP server. You must regularly check the audit log files and monitor them when the DHCP server receives an unusually high number of lease requests from clients.
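One way to carry out the audit log check described above, as an added example that is not part of the original guide or Microsoft's tooling. It assumes the comma-separated audit log layout (ID, Date, Time, Description, IP Address, Host Name, MAC Address) and event IDs 10 (new lease) and 14 (address pool exhausted); the per-minute threshold and all sample lines are constructed for illustration.

```python
import csv
from collections import Counter, defaultdict
from datetime import datetime

# Assumed audit-log event IDs: 10 = new lease issued,
# 14 = request could not be satisfied because the address pool is exhausted.
NEW_LEASE, POOL_EXHAUSTED = "10", "14"

# Constructed sample log (not from a real server), in the assumed column layout.
SAMPLE_LOG = "\n".join(
    ["ID,Date,Time,Description,IP Address,Host Name,MAC Address",
     "11,03/04/09,09:58:12,Renew,192.0.2.21,PC-021.example.test,00155D000A15",
     "10,03/04/09,09:59:40,Assign,192.0.2.22,PC-022.example.test,00155D000A16"]
    # Burst: eight new leases within one minute, each from a different MAC address.
    + [f"10,03/04/09,10:01:{s:02d},Assign,192.0.2.{50 + s},,0200000000{s:02X}" for s in range(8)]
    + ["14,03/04/09,10:01:30,Scope Full,192.0.2.0,,"]
)

def parse_events(text):
    """Yield (event_id, timestamp, mac) for each well-formed event line."""
    for row in csv.reader(text.splitlines()):
        if len(row) < 7 or not row[0].strip().isdigit():
            continue  # skip the header block and malformed lines
        stamp = f"{row[1].strip()} {row[2].strip()}"
        try:
            ts = datetime.strptime(stamp, "%m/%d/%y %H:%M:%S")
        except ValueError:
            continue  # unparseable date or time: ignore the line
        yield row[0].strip(), ts, row[6].strip().upper()

def lease_spikes(text, max_new_leases_per_minute=5):
    """Return {minute: summary} for minutes whose new-lease count exceeds the threshold."""
    leases, macs, exhausted = Counter(), defaultdict(set), Counter()
    for event_id, ts, mac in parse_events(text):
        minute = ts.replace(second=0)
        if event_id == NEW_LEASE:
            leases[minute] += 1
            macs[minute].add(mac)  # many distinct MACs in a burst is itself a signal
        elif event_id == POOL_EXHAUSTED:
            exhausted[minute] += 1
    return {
        m: {"new_leases": n, "distinct_macs": len(macs[m]), "pool_exhausted": exhausted[m]}
        for m, n in sorted(leases.items()) if n > max_new_leases_per_minute
    }

if __name__ == "__main__":
    for minute, summary in lease_spikes(SAMPLE_LOG).items():
        print(minute.isoformat(), summary)
```

Set the threshold from the server's normal lease rate, since events such as the start of a working day produce legitimate bursts.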

See Also

Concepts

Design Step 3: Map the Design Configuration to the Hardware and Software Configuration