DHCP Required for all Network Services

Library and Technology Services continually strives to enhance the security of all Lehigh network resources. To this end, over the next few months LTS will be implementing a feature of the recently installed switches wherein all devices connected to the network will be required to use DHCP to obtain an IP address; once implemented, devices not using DHCP will no longer function on Lehigh's network. This feature greatly enhances network security by guarding against both ARP poisoning and IP spoofing. ARP poisoning is a manipulative man-in-the-middle attack in which all network traffic is routed through a malicious host computer where the data can be watched, manipulated, or even dropped (causing a denial of service attack). While in certain circumstances IP spoofing can also be used for man-in-the-middle type attacks and even for session hijacking, the primary use of IP spoofing is for denial of service (DoS) attacks. While DoS attacks are hard to defend against in general, combining them with IP spoofing prolongs the effectiveness of the attack.

DHCP, Dynamic Host Configuration Protocol, simplifies the configuration of most network devices as IP addresses are assigned to those devices automatically. Devices requiring a specific domain name can be assigned one along with a static IP address (accessible only through DHCP) through a manual entry in the DHCP table (via LUNET). Once a switch port has been configured to require DHCP, only devices assigned an IP address through DHCP will be able to transmit data through the network.
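The enforcement described above can be pictured with a small model. This is an added example, not LTS or switch-vendor code. It assumes the switch learns a port/MAC/IP binding from each DHCP acknowledgement arriving on a trusted uplink and checks later traffic against that table. The class, port names and addresses are constructed for illustration.

```python
# Added example: toy model of per-port DHCP enforcement (assumed mechanism).
# Port names, MAC addresses and IP addresses below are constructed sample values.

class EnforcingSwitch:
    def __init__(self, trusted_ports):
        # Only uplinks toward the real DHCP server may deliver server replies.
        self.trusted = set(trusted_ports)
        self.bindings = {}  # (access port, client MAC) -> (ip, lease expiry)

    def dhcp_ack(self, ingress_port, client_port, mac, ip, lease_secs, now):
        """Learn a binding from a DHCP ACK, but only if it arrived on a trusted port."""
        if ingress_port not in self.trusted:
            return False  # reply from an unexpected DHCP server: learn nothing
        self.bindings[(client_port, mac.lower())] = (ip, now + lease_secs)
        return True

    def permit(self, port, mac, ip, now):
        """Check a frame's source (or an ARP packet's sender fields) against the table."""
        if port in self.trusted:
            return True
        entry = self.bindings.get((port, mac.lower()))
        return entry is not None and entry[0] == ip and now < entry[1]


def demo():
    sw = EnforcingSwitch(trusted_ports={"uplink1"})
    t0 = 1000.0
    host = "00:11:22:aa:bb:01"
    other = "00:11:22:aa:bb:02"
    # Legitimate lease handed to the host on port7 via the trusted uplink.
    sw.dhcp_ack("uplink1", "port7", host.upper(), "10.0.0.25", 3600, t0)
    return {
        # Host using the address it was leased: allowed.
        "leased_host": sw.permit("port7", host, "10.0.0.25", t0 + 60),
        # Device with a hand-configured address that never used DHCP: dropped.
        "static_ip": sw.permit("port9", other, "10.0.0.50", t0 + 60),
        # Leased host claiming another address (spoofed IP or forged ARP): dropped.
        "claims_other_ip": sw.permit("port7", host, "10.0.0.1", t0 + 60),
        # Same host after its lease has run out without renewal: dropped.
        "expired_lease": sw.permit("port7", host, "10.0.0.25", t0 + 3601),
        # DHCP ACK arriving on an access port is ignored, so no binding is learned.
        "rogue_ack_learned": sw.dhcp_ack("port9", "port9", other, "10.0.0.50", 3600, t0),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:18} -> {allowed}")
```

A device given a fixed address through a manual DHCP table entry still passes this check, because it receives that address in a DHCP acknowledgement like any other client.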

Please contact your Computing Consultant with any questions pertaining to this or for assistance in configuring network devices to use DHCP.




Last updated: Friday, 16-Jan-2009 19:04:21 EST