Microsoft® Windows® Security Resource Kit, Second Edition

Securing DHCP Servers

You can take several measures to prevent attacks against DHCP servers and DHCP clients. These measures range from monitoring membership in the DHCP Administrators group to performing specific DHCP service configuration. Specifically, consider the following measures:

Keep default name registration behavior.
Determine which account to include in the membership of the DnsUpdateProxy group.
Review the DHCP database frequently for BAD_ADDRESS entries.
Monitor membership in the DHCP Administrators group.
Enable DHCP auditing.

Keeping Default Name Registration Behavior

By default, when a DHCP client obtains IP configuration information from a DHCP server, the DHCP server registers the PTR resource record for the client and the client ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft® Windows® Security Resource Kit, Second Edition by Ben Smith, Brian Komar, The Microsoft Security Team

Securing DHCP Servers

Keeping Default Name Registration Behavior

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly