+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 33
Windows Server 2008 R2 Thread, What are the benefits of Static IP addresses? in Technical; @ ZeroHour and @ SimpleSi From experience it is not the key evidence but is darned helpful to find the ...
  1. #16

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,779 Times in 1,104 Posts
    Blog Entries
    19
    Rep Power
    594
    @ZeroHour and @SimpleSi
    From experience it is not the key evidence but is darned helpful to find the relevant information, cutting hours / days / weeks from investigations.

    Of course ... if you are sure that every single device which can connect to your network will always be logged and tracked then that is ok ... and I am sure that all networks around the world are set up that way, especially so in schools which are renowned for having a lot of investment in time and money.

    As for MAC address spoofing ... yep, and the concerted script kiddie will look at this as an option ... but applying reservations will mean they have to snort a MAC address, identify the machine owner / user / location, ensure that it is not on / connected when they try to connect and that should the device be on then that the accompanying error message will not get dealt with. If they do get on (and this sometimes happens in schools on guest mobile networks ... apparently) then the logs of the APs can show you the approx area where the connection took place, etc ... or if this is not possible (though with all the investment in managed wireless networks which has happened in every single school it would be surprising) then you have at least put a little something in place to be a tiny bit disruptive to the annoying brat trying to get onto your network.

    For some it might slow them down by a few hours ... for others it confuses them too much and they drop it.

  2. #17

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,325
    Thank Post
    622
    Thanked 1,577 Times in 1,414 Posts
    Rep Power
    413
    Or look on label on side of printer and then unplug said printer.

    Job done.

    Ben

  3. #18

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,808
    Thank Post
    1,476
    Thanked 592 Times in 444 Posts
    Rep Power
    168
    We don't the sort of incident in primaries that requires deep network forensics
    Si

  4. #19

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,703
    Thank Post
    3,235
    Thanked 1,043 Times in 965 Posts
    Rep Power
    363
    Quote Originally Posted by SimpleSi View Post
    Another reason to not use AD
    Si
    HOME - One workgroup to rule them all
    You don't just walk into moordore .....

  5. #20

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,779 Times in 1,104 Posts
    Blog Entries
    19
    Rep Power
    594
    Quote Originally Posted by SimpleSi View Post
    We don't the sort of incident in primaries that requires deep network forensics
    Si
    And no primary school teachers are ever investigated for illegal activities?

  6. #21

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,808
    Thank Post
    1,476
    Thanked 592 Times in 444 Posts
    Rep Power
    168
    And no primary school teachers are ever investigated for illegal activities?
    You don't need ip/mac address correlation to nail them - they aren't that clever

    Si

  7. #22

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,824
    Thank Post
    580
    Thanked 2,161 Times in 986 Posts
    Blog Entries
    23
    Rep Power
    627
    I always went by the rule that infrastructure components such as servers, switches, WAPs, printers etc. were static. Workstations and client devices were DHCP.
    With static addresses on critical kit monitoring, fault finding and configuration is so much simpler, as opposed to workstations where you don't really need that kind of access as usually you have other systems in place for this.
    Last edited by Dos_Box; 23rd May 2012 at 07:45 PM.

  8. Thanks to Dos_Box from:

    SimpleSi (22nd May 2012)

  9. #23

    Join Date
    Mar 2011
    Location
    Waterford
    Posts
    32
    Thank Post
    14
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by mac_shinobi View Post
    When any of you are stating 'you use a dhcp reservation' does that mean

    1. You set the dhcp reservation in DHCP via the mac address of said device and then on the actual device you

    A - Still program or manually set the ip address info ( ip address, subnet mask, default gateway, dns servers ) statically
    B - Leave said device to DHCP as it will pick up the dhcp reservation anyway

    2. When Switches, Servers or other devices that need Static IP Addresses I presume you just manually and statically assign them the said network address info ( so IP Address, subnet mask and any other relevant info that you need to assign them )
    Yep, I set the DHCP reservation in the DHCP via the MAC address of the device and then leave the PC to automatic so that it requests an IP address from the server but as there is a reservation the server will always give it the same address.

    Switches, servers, printers are set up at the device with manual static IP addresses.

  10. Thanks to KevWCFE from:

    mac_shinobi (23rd May 2012)

  11. #24

    Join Date
    Mar 2011
    Location
    Waterford
    Posts
    32
    Thank Post
    14
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Hi guys,

    Thanks for all the replies. Some seem to think its handy but most seem to think its not necessary.

    Are there any disadvantages to doing it? All those who said its not necessary on clients never really gave a disadvantage to the set up, merely that it was not needed.

    Thanks
    K

  12. #25


    Join Date
    Sep 2007
    Location
    UK
    Posts
    5,357
    Thank Post
    1,396
    Thanked 857 Times in 549 Posts
    Rep Power
    641
    Our LEA provide different restrictions to some admin computers via IP addressing, so these are static. As are the Canon photocopiers and servers and the CCTV interfaces. When I first came here, everything was static because we had networked Acorns. It was a real pain!

  13. #26

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,325
    Thank Post
    622
    Thanked 1,577 Times in 1,414 Posts
    Rep Power
    413
    Quote Originally Posted by KevWCFE View Post
    Hi guys,

    Thanks for all the replies. Some seem to think its handy but most seem to think its not necessary.

    Are there any disadvantages to doing it? All those who said its not necessary on clients never really gave a disadvantage to the set up, merely that it was not needed.

    Thanks
    K
    The disadvantage on lab machines with a true static IP is the time it would take to do it.

    DHCP reservations would be slightly less onerous provided you had a list of the mac addresses for all the machines.

    It's what DHCP was created for so why not use it?

    Ben

  14. 2 Thanks to plexer:

    GrumbleDook (24th May 2012), SimpleSi (23rd May 2012)

  15. #27

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,703
    Thank Post
    3,235
    Thanked 1,043 Times in 965 Posts
    Rep Power
    363
    Quote Originally Posted by plexer View Post
    The disadvantage on lab machines with a true static IP is the time it would take to do it.

    DHCP reservations would be slightly less onerous provided you had a list of the mac addresses for all the machines.

    It's what DHCP was created for so why not use it?

    Ben
    Am sure in one of mark russinovich's books for server OS it mentioned something along the lines of 'dhcp is your friend', otherwise you are just creating extra unnecessary work for yourself ( at least imo )

    Obviously that is only if used correctly as above with regards to dhcp reservations and if needed / wanted keeping a list of machine mac addresses etc

  16. #28

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,779 Times in 1,104 Posts
    Blog Entries
    19
    Rep Power
    594
    Quote Originally Posted by plexer View Post
    The disadvantage on lab machines with a true static IP is the time it would take to do it.

    DHCP reservations would be slightly less onerous provided you had a list of the mac addresses for all the machines.

    It's what DHCP was created for so why not use it?

    Ben
    And most folk make a note of the MAC addresses on machines in their Asset Register and CMDB, so it is just another part of your process when setting up a new machine to also configure a reserved address for it too.

  17. Thanks to GrumbleDook from:

    mac_shinobi (23rd May 2012)

  18. #29

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Well you won't get me spending my time making reservations for anything that isn't in traditional "static vs reservation" territory: The premise of computers is to make stuff easier, not to provide you with more ways to use people's time performing trained monkey work.

    It hasn't yet, but if my "risk analysis" suggested there was a significant chance of needing to map IPs to MACs in some serious investigation then I'd just turn on DHCP logging to record the assignments and their timestamps, and should that ever need mapping to a specific machine/serial just go look in the DB with the *automagic* h/w inventory (via SCCM, Spiceworks, whatever).

  19. #30

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,808
    Thank Post
    1,476
    Thanked 592 Times in 444 Posts
    Rep Power
    168
    And most folk make a note of the MAC addresses on machines in their Asset Register

    There's one thing for sure - GDs never going to be caught out by any sort of auditor or inspector

    ll those who said its not necessary on clients never really gave a disadvantage
    The time to do it!

    Si
    Last edited by ZeroHour; 23rd May 2012 at 06:50 PM. Reason: Merged posts - ZH

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Running out of Admin IP addresses
    By Craig_W in forum Wireless Networks
    Replies: 22
    Last Post: 19th June 2007, 07:05 PM
  2. Please Help - What are the challenges and opportunities faci
    By doc69 in forum School ICT Policies
    Replies: 2
    Last Post: 20th May 2007, 07:28 PM
  3. Microsoft, Cisco or Comptia - What are the Pros and Cons?
    By eddiebaby in forum Courses and Training
    Replies: 5
    Last Post: 3rd May 2007, 06:22 PM
  4. How are the rest of your schools connected?
    By Dos_Box in forum General Chat
    Replies: 24
    Last Post: 8th August 2005, 10:42 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •