What is DHCP?
DHCP, the Dynamic Host Configuration Protocol, is a standardized network protocol used to dynamically distribute network parameters such as IP addresses to network devices. For example, when a device on a network needs an IP address, it requests one from the DHCP server and receives it automatically, without the intervention of the network administrator.
What is DHCP snooping?
We have already discussed attacks like the ARP spoofing attack (What is the ARP spoofing attack?), in which an attacker sends a falsified ARP message to link his IP address to the victim machine’s MAC address and intercepts the victim machine’s traffic to steal sensitive information. DHCP snooping is a security measure that can be used to prevent these types of attacks.
DHCP snooping is a series of techniques applied to an existing DHCP infrastructure that together work much like a firewall between untrusted hosts in the network and trusted DHCP servers.
What are trusted and untrusted hosts?
In an enterprise network, a trusted host is a device that is under your administrative control. These trusted hosts include the switches, routers, and servers in the network.
Any device which is beyond the firewall or outside the network is an untrusted host.
How does DHCP snooping work?
DHCP snooping, like a firewall, validates the DHCP messages and filters out the invalid ones. Whenever it assigns an IP address to an untrusted host, it maintains the information in a database. It makes sure hosts use only IP addresses assigned to them.
With DHCP snooping, only a whitelist of IP addresses may access the network. The whitelist is configured at the switch port level, and DHCP servers manage the access control.
An attacker-controlled DHCP server can cause malfunction of the network or even control it. DHCP snooping prevents attackers from adding their own DHCP servers to the network.
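The behaviour described above, as a simplified model (an added example, not code from the original article or from any switch vendor). The class and method names are hypothetical, and the port names, MAC addresses and IP addresses are constructed sample values.

```python
# Added example: toy model of a DHCP-snooping switch. Port names, MACs and
# IPs are constructed; the class and method names are hypothetical.
SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends


class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports facing the real DHCP server
        self.pending = {}                  # client MAC -> untrusted port it asked on
        self.bindings = set()              # (port, client MAC, leased IP)

    def dhcp(self, port, msg_type, client_mac, ip=None):
        """Return 'forward' or 'drop' for a DHCP message arriving on port."""
        if msg_type in SERVER_MSGS:
            if port not in self.trusted:
                return "drop"              # server reply from an untrusted port
            if msg_type == "ACK" and client_mac in self.pending:
                # Lease confirmed by a trusted server: record the binding.
                self.bindings.add((self.pending.pop(client_mac), client_mac, ip))
            return "forward"
        if port not in self.trusted:
            self.pending[client_mac] = port  # remember where the client lives
        return "forward"

    def data(self, port, src_mac, src_ip):
        """Return 'forward' or 'drop' for ordinary traffic arriving on port."""
        if port in self.trusted or (port, src_mac, src_ip) in self.bindings:
            return "forward"
        return "drop"                      # source IP was never leased to this host


def run_demo():
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})
    mac = "aa:aa:aa:aa:aa:01"
    return [
        sw.dhcp("Gi0/5", "DISCOVER", mac),             # client asks for an address
        sw.dhcp("Gi0/7", "OFFER", mac, "192.0.2.66"),  # rogue server, untrusted port
        sw.dhcp("Gi0/1", "OFFER", mac, "192.0.2.10"),  # real server, trusted port
        sw.dhcp("Gi0/5", "REQUEST", mac),
        sw.dhcp("Gi0/1", "ACK", mac, "192.0.2.10"),    # binding gets recorded here
        sw.data("Gi0/5", mac, "192.0.2.10"),           # leased address
        sw.data("Gi0/5", mac, "192.0.2.1"),            # address it was never given
        sw.data("Gi0/7", "aa:aa:aa:aa:aa:02", "192.0.2.10"),  # another host's lease
    ]


if __name__ == "__main__":
    print(run_demo())
```

The model tracks one outstanding request per client MAC and ignores lease expiry, which a real binding database also records.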
DHCP snooping is a strong defense against ARP spoofing attacks. It checks the source IP address of ARP packets, and if that IP …