Databus Issue: 2007 3 09/17/2007
Best Practices
Phil Scrivano, vice president of customer services
DHCP - Dynamic Host Configuration Protocol
When I first started bringing Internet
resources into the educational setting,
we used public addresses statically assigned to
each computer. The following year students
started hosting web pages on local computers.
To address this issue we utilized our Microsoft
NT 4 server to deploy DHCP and set the
lease time to two hours. This ensured that
each computer's address would change depending
on when the computer started in the
morning.
Today most of us sit comfortably behind firewalls
and use private IP addresses. DHCP addresses
are delivered from servers, routers, switch equipment
and sometimes by wireless devices. The most
common lease time is three days.
The following list of best practices for
DHCP is based on my experience in network
engineering and forensic investigations. The
goals are to create less work for the network
administrator, increase reliability, and
enhance reporting and forensic investigation
if the need arises.
1. Set the lease time to one year or infinity
if available. Most reporting software will
base identifying information on the IP
address and then associate this address
with other items such as machine name
and user identification. A stable address
pool gives more reliability to your reports.
In a best case scenario, you can associate
an IP address with a computer and witness
who is at that computer at a given time.
2. Deliver all DHCP addresses from a central
location. Use router configurations and
VLANs to deliver addressing to each site
across the WAN.
3. Create class “B” address pools for each
physical site in your network. As an example,
each school site has a separate class
“B” address, such as 10.1.x.x.
4. Reserve sets of IP addresses in each class
“C” address pool that you use. As an
example, all routing and switching equipment
has addresses between x.x.x.1
and x.x.x.10. All printers retain a static
address between x.x.x.20 and x.x.x.30.
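
The following is an added example, not part of the original article: a small Python sketch of the lookup an investigator performs when tying an IP address to a machine, showing why the two-hour leases described earlier make the IP alone ambiguous while a one-year lease (item 1) does not. The lease records, MAC addresses and the 10.2.x.x second site are constructed for illustration; the role ranges follow item 4.

```python
from datetime import datetime
from ipaddress import ip_address

# Constructed lease history (ip, mac, lease start, lease end); not real data.
LEASES = [
    ("10.1.4.57", "00:11:22:aa:bb:01", "2007-09-10 07:55", "2007-09-10 09:55"),
    ("10.1.4.57", "00:11:22:aa:bb:02", "2007-09-10 10:02", "2007-09-10 12:02"),
    ("10.1.4.58", "00:11:22:aa:bb:01", "2007-09-11 08:01", "2007-09-11 10:01"),
    ("10.2.7.91", "00:11:22:cc:dd:09", "2007-01-02 08:00", "2008-01-02 08:00"),
]
FMT = "%Y-%m-%d %H:%M"

def holder_at(ip, when, leases=LEASES):
    """Return the MAC that held `ip` at time `when`, or None if no lease covers it."""
    t = datetime.strptime(when, FMT)
    hits = [mac for lip, mac, start, end in leases
            if lip == ip
            and datetime.strptime(start, FMT) <= t < datetime.strptime(end, FMT)]
    if len(hits) > 1:
        raise ValueError(f"overlapping leases for {ip} at {when}: {hits}")
    return hits[0] if hits else None

def holders_of(ip, leases=LEASES):
    """Distinct MACs that ever held `ip`; more than one means the IP alone is ambiguous."""
    return sorted({mac for lip, mac, _, _ in leases if lip == ip})

def role_of(ip):
    """Classify an address by the reserved last-octet ranges from item 4."""
    last = int(ip_address(ip)) & 0xFF
    if 1 <= last <= 10:
        return "routing/switching"
    if 20 <= last <= 30:
        return "printer"
    return "dhcp client"

if __name__ == "__main__":
    # Same IP, three times on one morning: two different machines and one gap.
    for ip, when in [("10.1.4.57", "2007-09-10 08:30"),
                     ("10.1.4.57", "2007-09-10 11:00"),
                     ("10.1.4.57", "2007-09-10 09:58"),
                     ("10.2.7.91", "2007-09-10 11:00")]:
        print(ip, when, role_of(ip), holder_at(ip, when), holders_of(ip))
```

With short leases the report must be joined against the full lease log at the exact event time; with the long lease a single record answers every query for that address.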

