
1 DHCP Vrushali sonar

2 Outline DHCP DHCPv6 Comparison Security issues Summary

3 The Need For DHCP
IP needs to know the IP address of the computer.
It can be configured manually and locally for each computer.
But if configured manually:
  – A lot of manual work is required
  – Keeping the parameters up-to-date is not a one-time effort
  – A change in a parameter common to all the computers in a subnet forces changes in each computer on the net
  – Some systems may not have a permanent storage device to store the configuration parameters
  – Shortage of IP addresses makes it a waste to give a computer a permanent address

4 DHCP Introduction
DHCP is an extension of the BOOTP mechanism
  – BOOTP (Bootstrap Protocol). Provides an alternative to RARP for a diskless workstation to determine its IP address.
DHCP provides configuration parameters to Internet hosts in a client-server model
DHCP hosts allocate network addresses and deliver configuration parameters to other (client) hosts
DHCP consists of 2 components
  – One for delivering host-specific configuration parameters from a server to a host
  – One for allocation of network addresses to hosts

5 DHCP Introduction
DHCP supports 3 mechanisms for IP address allocation
  – Automatic allocation: Host gets permanent address
  – Dynamic allocation: Address has expiration time
  – Manual allocation: Fixed mapping

6 DHCP Introduction
DHCP supports the BOOTP relay agent behavior
DHCP can work across routers or through the intervention of BOOTP relay agents
A relay agent listens to DHCP messages and forwards them on.
Relay agent and server exchange messages using unicast UDP
  – Servers can be located anywhere on intranet
  – Servers can be centrally located for ease of administration
This eliminates the necessity of having a DHCP server on each physical network

7 DHCP Introduction
Client/Server Model
Client and server negotiate in a series of messages to get the needed parameters
This process involves more than one server but only one server is selected by the client

8

9 DHCP v6
IP Version 6 is a new internet protocol to replace IP.
Includes new features for host configuration:
  – Router advertisement
  – Autoconfiguration: Stateless & Stateful
  – Link-local addresses: Each node equips itself with a link-local address
Simplify and generalize the operation of DHCPv6 clients

10 DHCP v6
IPv6 defines 2 classifications of address autoconfiguration
  – Stateless: without registration
  – Stateful: Obtain from a server
DHCP is for stateful address autoconfiguration

11 DHCPv6 Protocol Design Model
Agent: either a server or a relay.
Server keeps a binding for each client, which records all the resources allocated to that client.
DHCP client bindings are indexed by the client's link-local address and its agent's prefix

12 DHCPv6 Protocol Design Model
Design Goals
  – The whole idea is to simplify administration and avoid additional configuration.
  – DHCPv6 should not require manual configuration of DHCPv6 clients, except as dictated by security requirements.
  – Each client should be able to obtain, from a DHCPv6 server, appropriate local configuration parameters without user intervention.

13 Processing Model

14

15 DHCPv6 vs DHCPv4
The link-local address permits a node to have an address immediately when the node boots.
Multiple addresses per interface are inherently supported in IPv6.
Some DHCPv4 options are no longer necessary.
IPv6 address allocations are now handled in a message extension as opposed to the main header.

16 DHCP and Security
DHCP is built on UDP and IP, which are inherently insecure
DHCP is generally intended to make maintenance of remote hosts easier. Configuring such hosts with passwords or keys may be difficult and inconvenient
DHCP in its current form is quite insecure.

17 DHCP Threat model
Attack specific to a DHCP client
  – Possibility of the establishment of a “rogue” server with intent of providing incorrect configuration information to the client.
  – Mistakenly or accidentally configured DHCP servers that answer DHCP client requests with unintentionally incorrect configuration parameters.

18 DHCP Threat model
Attack to Server
  – Invalid client masquerading as a valid client.
  – “Theft of Service”
Attack to both the client and the server
  – Resource “denial of service”.

19 Delayed Authentication In delayed authentication, the client requests authentication in its DHCPDISCOVER message and the server replies with a DHCPOFFER message that includes authentication information. This authentication information contains a nonce value generated by the source as a message authentication code (MAC) to provide message authentication and entity authentication.

20 Message validation
The receiver first checks that the value in the replay detection field is acceptable according to the replay detection method specified by the RDM field.
The receiver computes the MAC.
If the MAC computed by the receiver does not match the MAC contained in the authentication option, the receiver MUST discard the DHCP message.

21 Key Utilization
Each DHCP client has a key k.
The client uses its key to encode any messages it sends to the server and to authenticate and verify any messages it receives from the server.
The key should be initially distributed to the client through some out-of-band mechanism

22 Key Utilization
Each DHCP server MUST know, or be able to obtain, the keys for all authorized clients in a secure manner.
The sharing of keys is strongly discouraged as it allows for unauthorized clients to pretend to be authorized clients by obtaining a copy of the shared key.
To authenticate the identity of individual clients, each client MUST be configured with a unique key.
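
Added example, not part of the original slides: the receiver-side checks from slide 20 combined with the per-client keys from slides 21 and 22, in Python. It assumes the RFC 3118 delayed-authentication option layout with HMAC-MD5 and a monotonically increasing counter as the replay detection method; the message is modelled as opaque body bytes (a real implementation covers the whole packet with hops and giaddr zeroed), and the names `sign` and `Receiver` and all sample values are hypothetical.

```python
import hashlib
import hmac
import struct

# Field values from RFC 3118: delayed authentication, HMAC-MD5, counter RDM.
PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER = 1, 1, 0
HEADER = struct.Struct("!BBBQI")  # protocol, algorithm, RDM, replay value, secret ID
MAC_LEN = 16                      # HMAC-MD5 output size in bytes

def _mac(key, body, header):
    # The MAC is computed with the option's own MAC field set to zero.
    return hmac.new(key, body + header + bytes(MAC_LEN), hashlib.md5).digest()

def sign(body, secret_id, key, counter):
    """Sender side: build the authentication option payload for `body`."""
    header = HEADER.pack(PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER, counter, secret_id)
    return header + _mac(key, body, header)

class Receiver:
    def __init__(self, keys):
        self.keys = keys          # secret ID -> key, one unique key per client
        self.last_counter = {}    # secret ID -> highest counter accepted so far

    def validate(self, body, option):
        """Return True to accept; False means the message must be discarded."""
        if len(option) != HEADER.size + MAC_LEN:
            return False
        proto, alg, rdm, counter, secret_id = HEADER.unpack_from(option)
        if (proto, alg, rdm) != (PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER):
            return False
        key = self.keys.get(secret_id)
        if key is None:           # unknown client: no key, no authentication
            return False
        # Check 1: replay detection value must be newer than the last accepted.
        if counter <= self.last_counter.get(secret_id, -1):
            return False
        # Check 2: recompute the MAC and compare in constant time.
        expected = _mac(key, body, option[:HEADER.size])
        if not hmac.compare_digest(expected, option[HEADER.size:]):
            return False
        # Advance the counter only after the MAC verifies, so a forged
        # message with a huge counter cannot lock out the real sender.
        self.last_counter[secret_id] = counter
        return True

if __name__ == "__main__":        # constructed sample data
    rx, k = Receiver({7: b"constructed-key-7"}), b"constructed-key-7"
    opt = sign(b"constructed DHCPOFFER", 7, k, 1)
    print(rx.validate(b"constructed DHCPOFFER", opt), rx.validate(b"constructed DHCPOFFER", opt))
```

The second call in the demo replays the same option and is rejected by the counter check even though its MAC is valid.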

23 Summary
DHCP works today as a tool for automatic configuration of TCP/IP hosts
It is an open Internet standard and interoperable client implementations are widely available
Provides automation for routine configuration tasks
Ongoing work will extend DHCP with authentication, DHCP-DNS interaction and inter-server communication

24

25 Thanks!

