發表文章

目前顯示的是 三月, 2014的文章

4ipnet Wireless Access Point Optimization Part 8 of 8

圖片
Today we're putting an end to the wireless access point optimization series by introducing DHCP snooping and layer 2 firewall. Thanks for following through!

DHCP Snooping

In order for a device to begin using network services after connecting to an access point, it must first obtain an IP address from the network’s DHCP server. This is a point of vulnerability, as attackers can install their own DHCP server and assign clients arbitrary IP addresses and default gateways. In the worst case, a rogue DHCP server controlled by a hacker could potentially cause network administrators to lose control of their entire network, which is a major security flaw.

The DHCP SNOOPING feature on 4ipnet APs prevents this type of network failure by allowing network administrators to specify the IP and MAC addresses of trusted DHCP servers. As a result, the APs will filter out DHCP messages from unrecognized servers, preventing them from ever reaching client devices. Although DHCP attacks are typically n…