Apart from rogue DHCP servers, there can also be a problem of rogue DHCP clients
To make sure no unauthorized client obtains IP from your DHCP servers, there are a few steps to follow.
1. Make sure physical security is enforced. That is, prevent physical connections to your network if there is public access to your network hardware.
2. Use Use 802.1x or IPSec to secure your existing clients from rogue ones. That doesn't prevent from obtaining IPs, but can help to prevent making anything undesirable afterwards.
3. Use fixed IP assigned to your clients. In case of a small intranets and/or cases when there are no actual need in supporting dynamic IP addresses, this can help to prevent an outside user from obtaining IP from your network.
4. Use network monitoring tool to detect rogue activity and prevent it wherever possible. Firewalling and logging connections can also be of use.
To make sure no unauthorized client obtains IP from your DHCP servers, there are a few steps to follow.
1. Make sure physical security is enforced. That is, prevent physical connections to your network if there is public access to your network hardware.
2. Use Use 802.1x or IPSec to secure your existing clients from rogue ones. That doesn't prevent from obtaining IPs, but can help to prevent making anything undesirable afterwards.
3. Use fixed IP assigned to your clients. In case of a small intranets and/or cases when there are no actual need in supporting dynamic IP addresses, this can help to prevent an outside user from obtaining IP from your network.
4. Use network monitoring tool to detect rogue activity and prevent it wherever possible. Firewalling and logging connections can also be of use.
