Using DHCP Services for Authentication
The Dynamic Host Configuration Protocol (DHCP) provides a
framework for passing configuration information to hosts on a TCP/IP network,
handling the authentication of users, and assigning unique IP addresses to incoming network access requests. Network
administration is simplified because the DHCP server automates the task of
keeping track of IP addresses, eliminating the need to manage the task manually.
New computers can be added to a network without having to manually assign each a
unique IP address. Because WLANs are not physically secured, DHCP can provide
added value by allocating IP addresses only to authorized network users.
Unfortunately, it is not uncommon for wireless networks to grant
an IP address to an unauthorized wireless client. This allows a hacker to use an
organization's bandwidth to surf the Web, browse network resources, or
investigate the network for security vulnerabilities. Obviously, this practice
is unacceptable and provides tremendous impetus to employ authentication
measures as well as static IP assignments.
RFC 3118 [1] adds authentication to DHCP and allows a client to verify
whether a particular DHCP server can be trusted and whether a request for DHCP
information comes from a client that is authorized to use the network. This
two-way authentication in DHCP provides the added security benefit of helping to
prevent rogue (and possibly malicious) DHCP clients and servers from mounting
DoS attacks or gaining unauthorized access to an organization's network. RFC
3118 defines a technique that can provide both entity authentication and message
authentication. This enables an authenticating DHCP client to confirm the
identity of the DHCP server it chooses in an unsecured network environment. This
functionality is very useful for both a standard corporate Ethernet network and
a cable-based Internet Service Provider (ISP).
RFC 3118 authentication requires that RFC-compatible software be
implemented on all computers attached to the network and that existing DHCP
servers be upgraded to support it. Deploying DHCP authentication also requires
devising an authentication key scheme and distributing the keys to all
authenticated DHCP clients.
After upgraded DHCP clients and servers are in place, and the keys have been
distributed, the DHCP clients will automatically authenticate themselves. Many
of today's directory services can restrict use of both DHCP and DNS based on
authentication, and some even have rogue DHCP server detection features.
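The receiver-side check in RFC 3118's delayed-authentication protocol, as an added example that is not from the original text: locate option 90, reject a replayed counter, and verify the HMAC-MD5 with the hops and giaddr fields zeroed. The function names, the key, the secret ID, and the sample DHCPOFFER are constructed for illustration.

```python
import hashlib, hmac, struct

OPT_AUTH, OPT_END = 90, 255
DELAYED = (1, 1, 0)  # protocol=delayed auth, algorithm=HMAC-MD5, RDM=monotonic counter

def find_auth(msg):
    """Return (offset of option 90's value, its length), or None if absent."""
    i = 240                                  # 236-byte header + 4-byte magic cookie
    while i + 1 < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                      # pad option has no length byte
            i += 1
            continue
        if msg[i] == OPT_AUTH:
            return i + 2, msg[i + 1]
        i += 2 + msg[i + 1]
    return None

def mac_of(msg, mac_off, key):
    """HMAC-MD5 over the message with hops, giaddr and the MAC field zeroed."""
    buf = bytearray(msg)
    buf[3] = 0                               # hops: relay agents may change it
    buf[24:28] = bytes(4)                    # giaddr: relay agents may change it
    buf[mac_off:mac_off + 16] = bytes(16)
    return hmac.new(key, bytes(buf), hashlib.md5).digest()

def verify(msg, keys, last_counter):
    """Check one message against the shared keys and the last accepted counter."""
    found = find_auth(msg)
    if found is None:
        return "unauthenticated"
    off, length = found
    if length != 31 or off + length > len(msg):
        return "malformed"
    *params, counter, secret_id = struct.unpack_from("!BBBQI", msg, off)
    if tuple(params) != DELAYED or secret_id not in keys:
        return "unsupported-or-unknown-key"
    if counter <= last_counter:
        return "replayed"
    ok = hmac.compare_digest(mac_of(msg, off + 15, keys[secret_id]), msg[off + 15:off + 31])
    return "ok" if ok else "bad-mac"

def sample_offer(key, secret_id, counter):
    """Constructed DHCPOFFER (op=2) carrying option 53 and option 90."""
    hdr = struct.pack("!BBBBI", 2, 1, 6, 0, 0x1234ABCD) + bytes(228) + bytes([99, 130, 83, 99])
    auth = struct.pack("!BBBBBQI", OPT_AUTH, 31, *DELAYED, counter, secret_id) + bytes(16)
    msg = bytearray(hdr + bytes([53, 1, 2]) + auth + bytes([OPT_END]))
    mac_off = 240 + 3 + 2 + 15               # after option 53, option header, 15 bytes of parameters
    msg[mac_off:mac_off + 16] = mac_of(msg, mac_off, key)
    return bytes(msg)
```

A caller should record the counter as the new last accepted value only after verify returns "ok", so a forged message cannot advance the replay window.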
Because DHCP allows a client to easily join a network, there
are risks of DoS attacks, hijacking, and theft of services. DHCP authentication
prevents rogue and malicious DHCP clients and servers from authenticating to
each other, thereby eliminating their ability to conduct DoS attacks or gain
unauthorized access to the network. DHCP authentication and assignment of
static IPs can help mitigate the risk of these types of attacks. There are,
however, other potential risks of DoS attacks, hijacking, and theft of services.
Windows 2000 and XP clients automatically renew their DHCP lease
when their data link layer connection is broken and subsequently reestablished
[2]. If a hacker hijacks the data link connection of the authorized user, the
authorized user is
no longer able to access the home network. The DSSS channel in a wireless
network can be jammed, causing an authorized user to roam to a channel with less
interference. By running a rogue software AP on a laptop computer, along with
DHCP server software, a hijacker can jam nearby APs, causing authorized users to
roam to the hacker's network. After authorized clients roam and lease an IP
address from the rogue DHCP server, these clients can then be easily attacked
using intrusion software in a peer-to-peer fashion through the AP. Both a DoS
attack and hijacking can occur at Layers 2 and 3 of the OSI model. Theft of
service results from an attacker gaining access to an open network without
permission. In most cases, this will result in gaining the use of free network
resources such as Internet access. This type of access can also result in
unauthorized access to sensitive information, corporate secrets, applications,
or even the ability to reconfigure portions of the network to allow further
access. The use of authenticated DHCP and static IP addresses can mitigate the
risk of theft of services.