DHCP vs Static IP addresses

Our security manager is trying to force us to move from a DHCP / Static network to a purely static IP network

We have about 300 clients, 70 servers, and 9 offices each on a seperate subnet.

Is / has anyone out there had to move from a DHCP network to a static IP network?

Is anyone using just static IP's on their entire network?

Does this make any sense to folks out there?

I would appreciate any feed back what so ever.

Thanks,

How is the security manager reasoning that this is an intelligent/beneficial change?

My answer to your questions is no

We have a whole class B network registered to our University and about 95% of it is using static IPs. Only wireless clients are using DHCP. But this scheme is inherited from way back, they are thinking now of changing everything to DHCP.

I personally think that both schemes have their own pros and cons. DHCP is probably much simpler and faster to deploy. But static IPs are a little easier to manage, monitor, control and secure in the sense that you know who is taking what IP . Nevertheless, there might exist newer capabilities/software/tools now that can make managing and controlling DHCP a better experience.

May I ask what is the main problem that the manager has on DHCP ?

You should stay with DHCP and use "reservations" for machines that require a "static" address.

Let me see.....

1.I think the security guy want to implement an IP policy based rule

2. He wants to identify users by IP

3. He might want to retrict internet access IP by IP, and when you control internet access in an organisation productivity increases.

4. he will want to monitor what users are doing by getting log reports to his mail every day, something like real time monitoring of which user is consuming the most bandwidth

depending on the package he chooses for implementation, dhcp might make things difficult for him. if he has to use static addressing the headache is at the initial stage of inputing the IPs and inputing the IPs manually as the number of systems gradually grow except if there is a major problem in future. I dont want to be categorical about this , but the issue is about trading off convienience for security

Sose i think the Sec Manager is becoming cautious of OPSEC (operations security). So he is guiding every angle. He does not want any kind of human to just plug in his device and get an automatic IP and thus is connected and can do anything he feels like.

But in a static Environment the unknown client has to seek an IP address and me and u knw that before he gets one it has to be from a top Admin staff. and the Admin staff will be responsible for any bad log thats comes up from the IP he gave out..

You knw i have been under going some comprehensive training this week (started on monday) with Homeland Security. So i think i will support the Migration from DHCP to Static, my self my next job i will implement BooTP.


C0DE - 3