SlideShare a Scribd company logo

Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training (1) 2019

Jiunn-Jer Sun
Jiunn-Jer Sun

Agenda • IEC 62443 IACS standard • Scope and why • DHCP protocol and how it works • DHCP’s Vulnerabilities • Types of Cyber Attacks to DHCP • Defense by network security DHCP Snooping • Korenix products with advanced security features

1 of 25
Download to read offline
Protect Your DHCP Infrastructure from Cyberattacks JJ Sun PSM
Agenda • IEC62443 IACS standard • Scope and why • DHCP protocol and how it works • DHCP’s Vulnerabilities • Types of Cyberattacks to DHCP • Defense by network security – DHCP Snooping • Korenix products with advanced security features
IEC62443
Fundamental But Insecure MAC IP TCP / UDP Applications
Dynamic Host Configuration Protocol PLC I/O Drive Sensor HMI IPCAdmin station Camera Reader DHCP Server
DHCP Architecture DHCP Client (MAC bbb.bbb.bbb) DHCP Client (MAC ccc.ccc.ccc) DHCP Server DHCP Client (MAC aaa.aaa.aaa) IP Address Pool / Binding Table 192.168.10.1 aaa.aaa.aaa 192.168.10.2 bbb.bbb.bbb 192.168.10.3 (available) … 192.168.10.100 (available) Policy IP Subnet mask Gateway DNS
DHCP Client (MAC aaa.aaa.aaa)DHCP Server DHCP Transaction DISCOVER (Broadcast) I am MAC aaa.aaa.aaa. Please assign network configuration for me. REQUEST (Broadcast) Yes, please lease it to me. OFFER (Broadcast) I’m the DHCP server and how about this IP address for you? ACK (Unicast) Done, you can use the IP address now.
Vulnerabilities and Attacks • DHCP spoofing from client • DHCP spoofing from server • DHCP starvation and DoS • Man-In-The-Middle or Hijacking • Broadcasting • No authentication • No validation
Malicious Client (MAC ccc.ccc.ccc)DHCP Server OFFER How about this IP address? ACK Done, you can use it now. DISCOVER I am MAC aaa.aaa.aaa. Please assign IP and network configuration for me. REQUEST Yes, please lease it to me. Spoofing From Malicious Client
DHCP Client (MAC ccc.ccc.ccc)DHCP Server DISCOVER I am MAC aaa.aaa.aaa. please assign IP and network configuration for me. …DISCOVER I am MAC bbb.bbb.bbb. please assign IP and network configuration for me. … DISCOVER I am MAC zzz.zzz.zzz. please assign IP and network configuration for me. … DHCP Starvation
Malicious Client (MAC ccc.ccc.ccc)DHCP Server DISCOVER I am MAC ccc.ccc.ccc. please assign IP and network configuration for me. …DISCOVER I am MAC ccc.ccc.ccc. please assign IP and network configuration for me. … DISCOVER I am MAC ccc.ccc.ccc. please assign IP and network configuration for me. … Denial Of Service
DHCP ClientDHCP Server DISCOVER The OFFER from the rogue DHCP server arrives client before the one from legitimate DHCP server. The transcation is scrambled and the network configuration goes wrong. OFFER Rogue DHCP Server Spoofing From Rogue Server
More Than DHCP Attacks DHCP Client DHCP Server DHCP Client Rogue DHCP Server Gateway IP address Gateway DNS
Defense By Network Security Goal: • Avoid invalid DHCP messages coming into the network • Make sure that network configurations are given from the trusted DHCP server DHCP Client DHCP Server DHCP Client Rogue DHCP Server Malicious DHCP Client
DHCP Snooping • A network security technology protects DHCP infrastructure against malicious DHCP sources, either from clients or servers, and to block fake DHCP messages • Network (LAN) switches with this feature snoop DHCP messages to ensure the incoming DHCP messages are valid, it also helps to ensure network configuration are given from the trusted DHCP server • More importantly, beyond guarding DHCP infrastructure, DHCP snooping generates an table including information about a trusted network, which can be further used by other security features
How DHCP Snooping Works DHCP Client DHCP Server DHCP Client DHCP Client TRUSTED ? ? ?UNTRUSTED
DHCP Client (MAC ccc.ccc.ccc)DHCP Server I am MAC aaa.aaa.aaa. please assign an IP for me. I am MAC ccc.ccc.ccc. please assign an IP for me. Switch Validate Messages DISCOVER I am a server and here is the IP for you. DISCOVER OFFER ?
Rogue DHCP Server Fix On Trusted Sources DHCP Client DHCP Server DHCP Client Rogue DHCP Server DHCP Client ? ? ? Rogue DHCP Server
JetNet with DHCP Snooping Din-Rail switches Layer 2 • JetNet 5612G • JetNet 5620G Rackmount switches Layer 2 • JetNet 5428G • JetNet 6528G • JetNet 6628G • JetNet 6628X Layer 3 • JetNet 7014G • JetNet 7020G Layer 3 • JetNet 6828G • JetNet 7628X
JetPoE with DHCP Snooping Din-Rail switches Layer 2 • JetNet 5612GP • JetNet 5620GP Rackmount switches Layer 2 • JetNet 5728G-16P • JetNet 5728G-24P • JetNet 6628XP Layer 3 • JetNet 7310G • JetNet 7714G Layer 3 • JetNet 6728G-16P • JetNet 6728G-24P • JetNet 7628XP
Configuration Web Configuration Enable DHCP Snooping Assign Trusted Ports Enable Event Warning
Statistics and Binding Table Address Binding Table Snooping Statistics
Summary • DHCP infrastructure is insecure by nature. It is crucial and strongly recommended to apply security protection if DHCP is used in an industrial network • Network switches play an important role to protect an DHCP infrastructure. DHCP snooping should be enabled to against different type of spoofing attacks, either from rogue DHCP servers or malicious clients • Addressing IEC62443 the security standard, Korenix has implemented DHCP snooping on both its din-rail switches or rackmount switches, which fit for different level of networks for mission-critical industrial applications
To Be Continued • Korenix Network Security Webinar – Part 2 MAC IP DHCP APPLICATION
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training (1) 2019

Recommended

Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014
Jiunn-Jer Sun
 
A More Reilable LAN by MSR Redundant Ring - Redundant Technology 2018
A More Reilable LAN by MSR Redundant Ring - Redundant Technology 2018A More Reilable LAN by MSR Redundant Ring - Redundant Technology 2018
A More Reilable LAN by MSR Redundant Ring - Redundant Technology 2018
Jiunn-Jer Sun
 
A Better Connected World - IDC Product Catalogue 2018
A Better Connected World - IDC Product Catalogue 2018A Better Connected World - IDC Product Catalogue 2018
A Better Connected World - IDC Product Catalogue 2018
Jiunn-Jer Sun
 
IGS-10020MT Industrial Managed Gigabit Switch
IGS-10020MT Industrial Managed Gigabit SwitchIGS-10020MT Industrial Managed Gigabit Switch
IGS-10020MT Industrial Managed Gigabit Switch
BluBoxx Communication Pvt. ltd
 
"Morphology of Modern Data Center Networks: Overview". Dinesh Dutt, Cumulus N...
"Morphology of Modern Data Center Networks: Overview". Dinesh Dutt, Cumulus N..."Morphology of Modern Data Center Networks: Overview". Dinesh Dutt, Cumulus N...
"Morphology of Modern Data Center Networks: Overview". Dinesh Dutt, Cumulus N...
Yandex
 
Compare cisco asa 5505, asa 5512 x and asa 5515-x
Compare cisco asa 5505, asa 5512 x and asa 5515-xCompare cisco asa 5505, asa 5512 x and asa 5515-x
Compare cisco asa 5505, asa 5512 x and asa 5515-x
IT Tech
 
C6800 sup6 t vs. c6800-sup6t-xl
C6800 sup6 t vs. c6800-sup6t-xlC6800 sup6 t vs. c6800-sup6t-xl
C6800 sup6 t vs. c6800-sup6t-xl
IT Tech
 
Icnd210 s08l02
Icnd210 s08l02Icnd210 s08l02
Icnd210 s08l02
computerlenguyen
 

Recommended

Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014
Jiunn-Jer Sun
 
A More Reilable LAN by MSR Redundant Ring - Redundant Technology 2018
A More Reilable LAN by MSR Redundant Ring - Redundant Technology 2018A More Reilable LAN by MSR Redundant Ring - Redundant Technology 2018
A More Reilable LAN by MSR Redundant Ring - Redundant Technology 2018
Jiunn-Jer Sun
 
A Better Connected World - IDC Product Catalogue 2018
A Better Connected World - IDC Product Catalogue 2018A Better Connected World - IDC Product Catalogue 2018
A Better Connected World - IDC Product Catalogue 2018
Jiunn-Jer Sun
 
IGS-10020MT Industrial Managed Gigabit Switch
IGS-10020MT Industrial Managed Gigabit SwitchIGS-10020MT Industrial Managed Gigabit Switch
IGS-10020MT Industrial Managed Gigabit Switch
BluBoxx Communication Pvt. ltd
 
"Morphology of Modern Data Center Networks: Overview". Dinesh Dutt, Cumulus N...
"Morphology of Modern Data Center Networks: Overview". Dinesh Dutt, Cumulus N..."Morphology of Modern Data Center Networks: Overview". Dinesh Dutt, Cumulus N...
"Morphology of Modern Data Center Networks: Overview". Dinesh Dutt, Cumulus N...
Yandex
 
Compare cisco asa 5505, asa 5512 x and asa 5515-x
Compare cisco asa 5505, asa 5512 x and asa 5515-xCompare cisco asa 5505, asa 5512 x and asa 5515-x
Compare cisco asa 5505, asa 5512 x and asa 5515-x
IT Tech
 
C6800 sup6 t vs. c6800-sup6t-xl
C6800 sup6 t vs. c6800-sup6t-xlC6800 sup6 t vs. c6800-sup6t-xl
C6800 sup6 t vs. c6800-sup6t-xl
IT Tech
 
Icnd210 s08l02
Icnd210 s08l02Icnd210 s08l02
Icnd210 s08l02
computerlenguyen
 
Catalyst Backbone and Instant Access Technologies
Catalyst Backbone and Instant Access TechnologiesCatalyst Backbone and Instant Access Technologies
Catalyst Backbone and Instant Access Technologies
Cisco Russia
 
GSW-2824P Combo Ethernet Switch
GSW-2824P Combo Ethernet SwitchGSW-2824P Combo Ethernet Switch
GSW-2824P Combo Ethernet Switch
BluBoxx Communication Pvt. ltd
 
Next Generation Campus Switching: Are You Ready
Next Generation Campus Switching: Are You ReadyNext Generation Campus Switching: Are You Ready
Next Generation Campus Switching: Are You Ready
Cisco Canada
 
Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018
Jiunn-Jer Sun
 
Icnd210 s06l02
Icnd210 s06l02Icnd210 s06l02
Icnd210 s06l02
computerlenguyen
 
Icnd210 cag
Icnd210 cagIcnd210 cag
Icnd210 cag
computerlenguyen
 
Icnd210 s08l04
Icnd210 s08l04Icnd210 s08l04
Icnd210 s08l04
computerlenguyen
 
Y packet Microwave point to point
Y packet Microwave point to pointY packet Microwave point to point
Y packet Microwave point to point
Youncta Italia
 
Icnd210 lg
Icnd210 lgIcnd210 lg
Icnd210 lg
computerlenguyen
 
SDS_SSL_MPM_UN_A4
SDS_SSL_MPM_UN_A4SDS_SSL_MPM_UN_A4
SDS_SSL_MPM_UN_A4Charles Brosseau
 
IGS-6325-8UP2S Industrial Managed Ethernet Switch
IGS-6325-8UP2S Industrial Managed Ethernet SwitchIGS-6325-8UP2S Industrial Managed Ethernet Switch
IGS-6325-8UP2S Industrial Managed Ethernet Switch
BluBoxx Communication Pvt. ltd
 
ComNet CWGE26FX2TX24MSPOE Data Sheet
ComNet CWGE26FX2TX24MSPOE Data SheetComNet CWGE26FX2TX24MSPOE Data Sheet
ComNet CWGE26FX2TX24MSPOE Data Sheet
JMAC Supply
 
Icnd210 s08l01
Icnd210 s08l01Icnd210 s08l01
Icnd210 s08l01
computerlenguyen
 
Icnd210 s02l05
Icnd210 s02l05Icnd210 s02l05
Icnd210 s02l05
computerlenguyen
 
Unified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching PlatformUnified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching Platform
Cisco Canada
 
Icnd210 s08l03
Icnd210 s08l03Icnd210 s08l03
Icnd210 s08l03
computerlenguyen
 
Arduino: Ethernet Shield para Arduino
Arduino: Ethernet Shield para ArduinoArduino: Ethernet Shield para Arduino
Arduino: Ethernet Shield para Arduino
SANTIAGO PABLO ALBERTO
 
Icnd210 s02l04
Icnd210 s02l04Icnd210 s02l04
Icnd210 s02l04
computerlenguyen
 
IVC-234GT Industrial 1-Port BNC/RJ11 to 4-Port Gigabit Ethernet Extender
IVC-234GT Industrial 1-Port BNC/RJ11 to 4-Port Gigabit Ethernet ExtenderIVC-234GT Industrial 1-Port BNC/RJ11 to 4-Port Gigabit Ethernet Extender
IVC-234GT Industrial 1-Port BNC/RJ11 to 4-Port Gigabit Ethernet Extender
BluBoxx Communication Pvt. ltd
 
Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01
computerlenguyen
 
Configure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-RelayConfigure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-Relay
Tola LENG
 
Wintel ppt for dhcp
Wintel ppt for dhcpWintel ppt for dhcp
Wintel ppt for dhcpduraimurugan89
 

More Related Content

What's hot

Catalyst Backbone and Instant Access Technologies
Catalyst Backbone and Instant Access TechnologiesCatalyst Backbone and Instant Access Technologies
Catalyst Backbone and Instant Access Technologies
Cisco Russia
 
GSW-2824P Combo Ethernet Switch
GSW-2824P Combo Ethernet SwitchGSW-2824P Combo Ethernet Switch
GSW-2824P Combo Ethernet Switch
BluBoxx Communication Pvt. ltd
 
Next Generation Campus Switching: Are You Ready
Next Generation Campus Switching: Are You ReadyNext Generation Campus Switching: Are You Ready
Next Generation Campus Switching: Are You Ready
Cisco Canada
 
Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018
Jiunn-Jer Sun
 
Icnd210 s06l02
Icnd210 s06l02Icnd210 s06l02
Icnd210 s06l02
computerlenguyen
 
Icnd210 s08l04
Icnd210 s08l04Icnd210 s08l04
Icnd210 s08l04
computerlenguyen
 
Y packet Microwave point to point
Y packet Microwave point to pointY packet Microwave point to point
Y packet Microwave point to point
Youncta Italia
 
IGS-6325-8UP2S Industrial Managed Ethernet Switch
IGS-6325-8UP2S Industrial Managed Ethernet SwitchIGS-6325-8UP2S Industrial Managed Ethernet Switch
IGS-6325-8UP2S Industrial Managed Ethernet Switch
BluBoxx Communication Pvt. ltd
 
ComNet CWGE26FX2TX24MSPOE Data Sheet
ComNet CWGE26FX2TX24MSPOE Data SheetComNet CWGE26FX2TX24MSPOE Data Sheet
ComNet CWGE26FX2TX24MSPOE Data Sheet
JMAC Supply
 
Icnd210 s08l01
Icnd210 s08l01Icnd210 s08l01
Icnd210 s08l01
computerlenguyen
 
Icnd210 s02l05
Icnd210 s02l05Icnd210 s02l05
Icnd210 s02l05
computerlenguyen
 
Unified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching PlatformUnified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching Platform
Cisco Canada
 
Icnd210 s08l03
Icnd210 s08l03Icnd210 s08l03
Icnd210 s08l03
computerlenguyen
 
Arduino: Ethernet Shield para Arduino
Arduino: Ethernet Shield para ArduinoArduino: Ethernet Shield para Arduino
Arduino: Ethernet Shield para Arduino
SANTIAGO PABLO ALBERTO
 
Icnd210 s02l04
Icnd210 s02l04Icnd210 s02l04
Icnd210 s02l04
computerlenguyen
 
IVC-234GT Industrial 1-Port BNC/RJ11 to 4-Port Gigabit Ethernet Extender
IVC-234GT Industrial 1-Port BNC/RJ11 to 4-Port Gigabit Ethernet ExtenderIVC-234GT Industrial 1-Port BNC/RJ11 to 4-Port Gigabit Ethernet Extender
IVC-234GT Industrial 1-Port BNC/RJ11 to 4-Port Gigabit Ethernet Extender
BluBoxx Communication Pvt. ltd
 
Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01
computerlenguyen
 

What's hot (20)

Catalyst Backbone and Instant Access Technologies
Catalyst Backbone and Instant Access TechnologiesCatalyst Backbone and Instant Access Technologies
Catalyst Backbone and Instant Access Technologies
 
GSW-2824P Combo Ethernet Switch
GSW-2824P Combo Ethernet SwitchGSW-2824P Combo Ethernet Switch
GSW-2824P Combo Ethernet Switch
 
Next Generation Campus Switching: Are You Ready
Next Generation Campus Switching: Are You ReadyNext Generation Campus Switching: Are You Ready
Next Generation Campus Switching: Are You Ready
 
Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018Market Trend And Korenix IIoT Vision - 2018
Market Trend And Korenix IIoT Vision - 2018
 
Icnd210 s06l02
Icnd210 s06l02Icnd210 s06l02
Icnd210 s06l02
 
Icnd210 cag
Icnd210 cagIcnd210 cag
Icnd210 cag
 
Icnd210 s08l04
Icnd210 s08l04Icnd210 s08l04
Icnd210 s08l04
 
Y packet Microwave point to point
Y packet Microwave point to pointY packet Microwave point to point
Y packet Microwave point to point
 
Icnd210 lg
Icnd210 lgIcnd210 lg
Icnd210 lg
 
SDS_SSL_MPM_UN_A4
SDS_SSL_MPM_UN_A4SDS_SSL_MPM_UN_A4
SDS_SSL_MPM_UN_A4
 
IGS-6325-8UP2S Industrial Managed Ethernet Switch
IGS-6325-8UP2S Industrial Managed Ethernet SwitchIGS-6325-8UP2S Industrial Managed Ethernet Switch
IGS-6325-8UP2S Industrial Managed Ethernet Switch
 
ComNet CWGE26FX2TX24MSPOE Data Sheet
ComNet CWGE26FX2TX24MSPOE Data SheetComNet CWGE26FX2TX24MSPOE Data Sheet
ComNet CWGE26FX2TX24MSPOE Data Sheet
 
Icnd210 s08l01
Icnd210 s08l01Icnd210 s08l01
Icnd210 s08l01
 
Icnd210 s02l05
Icnd210 s02l05Icnd210 s02l05
Icnd210 s02l05
 
Unified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching PlatformUnified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching Platform
 
Icnd210 s08l03
Icnd210 s08l03Icnd210 s08l03
Icnd210 s08l03
 
Arduino: Ethernet Shield para Arduino
Arduino: Ethernet Shield para ArduinoArduino: Ethernet Shield para Arduino
Arduino: Ethernet Shield para Arduino
 
Icnd210 s02l04
Icnd210 s02l04Icnd210 s02l04
Icnd210 s02l04
 
IVC-234GT Industrial 1-Port BNC/RJ11 to 4-Port Gigabit Ethernet Extender
IVC-234GT Industrial 1-Port BNC/RJ11 to 4-Port Gigabit Ethernet ExtenderIVC-234GT Industrial 1-Port BNC/RJ11 to 4-Port Gigabit Ethernet Extender
IVC-234GT Industrial 1-Port BNC/RJ11 to 4-Port Gigabit Ethernet Extender
 
Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01
 

Similar to Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training (1) 2019

Configure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-RelayConfigure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-Relay
Tola LENG
 
Dhc pv4
Dhc pv4Dhc pv4
Dhc pv4
Noman Pal-og
 
dhcp.pdf
dhcp.pdfdhcp.pdf
dhcp.pdf
TekashiAi
 
Modul dhcp server menggunakan mikrotik os
Modul dhcp server menggunakan mikrotik osModul dhcp server menggunakan mikrotik os
Modul dhcp server menggunakan mikrotik os
Een Pahlefi
 
Fedv6tf-fhs
Fedv6tf-fhsFedv6tf-fhs
Fedv6tf-fhs
Tim Martin
 
Client server
Client serverClient server
Client server
maryam1231
 
162 15-768
162 15-768162 15-768
162 15-768
faisal123000
 
CCNA DHCP (Dynamic Host Control Protocol)
CCNA DHCP (Dynamic Host Control Protocol)CCNA DHCP (Dynamic Host Control Protocol)
CCNA DHCP (Dynamic Host Control Protocol)
Networkel
 
Module (8) DHCP Server.pptx
Module (8) DHCP Server.pptxModule (8) DHCP Server.pptx
Module (8) DHCP Server.pptx
GeorgeThoreJr
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
Aruba, a Hewlett Packard Enterprise company
 
Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
gueste98b36
 
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
Vignesh kumar
 
Web Security Deployment
Web Security DeploymentWeb Security Deployment
Web Security Deployment
Cisco Canada
 
Dhcp
DhcpDhcp
Dhcp
Tapan Khilar
 
DHCP and Nat
DHCP and NatDHCP and Nat
DHCP and Nat
Abderrazak Mosaid
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
NetProtocol Xpert
 

Similar to Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training (1) 2019 (20)

Configure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-RelayConfigure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-Relay
 
Wintel ppt for dhcp
Wintel ppt for dhcpWintel ppt for dhcp
Wintel ppt for dhcp
 
Dhc pv4
Dhc pv4Dhc pv4
Dhc pv4
 
dhcp.pdf
dhcp.pdfdhcp.pdf
dhcp.pdf
 
Modul dhcp server menggunakan mikrotik os
Modul dhcp server menggunakan mikrotik osModul dhcp server menggunakan mikrotik os
Modul dhcp server menggunakan mikrotik os
 
Fedv6tf-fhs
Fedv6tf-fhsFedv6tf-fhs
Fedv6tf-fhs
 
Client server
Client serverClient server
Client server
 
162 15-768
162 15-768162 15-768
162 15-768
 
CCNA DHCP (Dynamic Host Control Protocol)
CCNA DHCP (Dynamic Host Control Protocol)CCNA DHCP (Dynamic Host Control Protocol)
CCNA DHCP (Dynamic Host Control Protocol)
 
R bernardino hand_in_assignment_week_1
R bernardino hand_in_assignment_week_1R bernardino hand_in_assignment_week_1
R bernardino hand_in_assignment_week_1
 
Module (8) DHCP Server.pptx
Module (8) DHCP Server.pptxModule (8) DHCP Server.pptx
Module (8) DHCP Server.pptx
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
 
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
 
Web Security Deployment
Web Security DeploymentWeb Security Deployment
Web Security Deployment
 
Dhcp
DhcpDhcp
Dhcp
 
DHCP and Nat
DHCP and NatDHCP and Nat
DHCP and Nat
 
Moac291 Week02
Moac291 Week02Moac291 Week02
Moac291 Week02
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
 

More from Jiunn-Jer Sun

Transformation From Today To Tomorrow - Market and Product Strategy 2018
Transformation From Today To Tomorrow - Market and Product Strategy 2018Transformation From Today To Tomorrow - Market and Product Strategy 2018
Transformation From Today To Tomorrow - Market and Product Strategy 2018
Jiunn-Jer Sun
 
Industrial Wireless for Transportation - Korenix Wireless Solution 2016
Industrial Wireless for Transportation - Korenix Wireless Solution 2016Industrial Wireless for Transportation - Korenix Wireless Solution 2016
Industrial Wireless for Transportation - Korenix Wireless Solution 2016
Jiunn-Jer Sun
 
Secure Reliable Quality Networking Solutions for Railway 2019
Secure Reliable Quality Networking Solutions for Railway 2019Secure Reliable Quality Networking Solutions for Railway 2019
Secure Reliable Quality Networking Solutions for Railway 2019
Jiunn-Jer Sun
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Jiunn-Jer Sun
 
Outstanding In Redundancy And Security - Korenix Ethernet Switches Brochure ...
Outstanding In Redundancy And Security - Korenix Ethernet Switches Brochure ...Outstanding In Redundancy And Security - Korenix Ethernet Switches Brochure ...
Outstanding In Redundancy And Security - Korenix Ethernet Switches Brochure ...
Jiunn-Jer Sun
 
Power Distribution Feeder Automation - Application Story 2012
Power Distribution Feeder Automation - Application Story 2012Power Distribution Feeder Automation - Application Story 2012
Power Distribution Feeder Automation - Application Story 2012
Jiunn-Jer Sun
 
Ensuring Network Reliabilty And Quality For IP Surveillance 2012
Ensuring Network Reliabilty And Quality For IP Surveillance 2012Ensuring Network Reliabilty And Quality For IP Surveillance 2012
Ensuring Network Reliabilty And Quality For IP Surveillance 2012
Jiunn-Jer Sun
 
Enhancing Network Quality for Video Transmission 2012
Enhancing Network Quality for Video Transmission 2012Enhancing Network Quality for Video Transmission 2012
Enhancing Network Quality for Video Transmission 2012
Jiunn-Jer Sun
 
Beijer Korenix Connected - Beijer Sales Kit 2019
Beijer Korenix Connected - Beijer Sales Kit 2019Beijer Korenix Connected - Beijer Sales Kit 2019
Beijer Korenix Connected - Beijer Sales Kit 2019
Jiunn-Jer Sun
 
Defend Your DHCP Infrastructure Against Cyber Attacks - Network Security Feat...
Defend Your DHCP Infrastructure Against Cyber Attacks - Network Security Feat...Defend Your DHCP Infrastructure Against Cyber Attacks - Network Security Feat...
Defend Your DHCP Infrastructure Against Cyber Attacks - Network Security Feat...
Jiunn-Jer Sun
 
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Jiunn-Jer Sun
 
Essential Protection for The Fundamental of IP Networking - Cybersecurity Tra...
Essential Protection for The Fundamental of IP Networking - Cybersecurity Tra...Essential Protection for The Fundamental of IP Networking - Cybersecurity Tra...
Essential Protection for The Fundamental of IP Networking - Cybersecurity Tra...
Jiunn-Jer Sun
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
Jiunn-Jer Sun
 
Protect The Fundamental of IP Networking - Network Security Features 2019
Protect The Fundamental of IP Networking - Network Security Features 2019Protect The Fundamental of IP Networking - Network Security Features 2019
Protect The Fundamental of IP Networking - Network Security Features 2019
Jiunn-Jer Sun
 
Levels Up Your Redundant Network By ERPS - Redundant Technology 2019
Levels Up Your Redundant Network By ERPS - Redundant Technology 2019Levels Up Your Redundant Network By ERPS - Redundant Technology 2019
Levels Up Your Redundant Network By ERPS - Redundant Technology 2019
Jiunn-Jer Sun
 
Broadcast Storm - The Root Causes And The Solutions - Whitepaper 2012
Broadcast Storm - The Root Causes And The Solutions - Whitepaper 2012Broadcast Storm - The Root Causes And The Solutions - Whitepaper 2012
Broadcast Storm - The Root Causes And The Solutions - Whitepaper 2012
Jiunn-Jer Sun
 
Wireless AP and Antenna Quick Selection Guide 2013
Wireless AP and Antenna Quick Selection Guide 2013Wireless AP and Antenna Quick Selection Guide 2013
Wireless AP and Antenna Quick Selection Guide 2013
Jiunn-Jer Sun
 
Making Your Heavy Chores Easy - Industrial PoE Handbook 2008
Making Your Heavy Chores Easy - Industrial PoE Handbook 2008Making Your Heavy Chores Easy - Industrial PoE Handbook 2008
Making Your Heavy Chores Easy - Industrial PoE Handbook 2008
Jiunn-Jer Sun
 
Get Inspired By Beijer's Wireless Solution - Wireless Brochure 2016
Get Inspired By Beijer's Wireless Solution - Wireless Brochure 2016Get Inspired By Beijer's Wireless Solution - Wireless Brochure 2016
Get Inspired By Beijer's Wireless Solution - Wireless Brochure 2016
Jiunn-Jer Sun
 
Flying You From Wired To Wireless - Product Brochure 2013
Flying You From Wired To Wireless - Product Brochure 2013Flying You From Wired To Wireless - Product Brochure 2013
Flying You From Wired To Wireless - Product Brochure 2013
Jiunn-Jer Sun
 

More from Jiunn-Jer Sun (20)

Transformation From Today To Tomorrow - Market and Product Strategy 2018
Transformation From Today To Tomorrow - Market and Product Strategy 2018Transformation From Today To Tomorrow - Market and Product Strategy 2018
Transformation From Today To Tomorrow - Market and Product Strategy 2018
 
Industrial Wireless for Transportation - Korenix Wireless Solution 2016
Industrial Wireless for Transportation - Korenix Wireless Solution 2016Industrial Wireless for Transportation - Korenix Wireless Solution 2016
Industrial Wireless for Transportation - Korenix Wireless Solution 2016
 
Secure Reliable Quality Networking Solutions for Railway 2019
Secure Reliable Quality Networking Solutions for Railway 2019Secure Reliable Quality Networking Solutions for Railway 2019
Secure Reliable Quality Networking Solutions for Railway 2019
 
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...Effective Network Security Against Cyber Threats - Network Segmentation Techn...
Effective Network Security Against Cyber Threats - Network Segmentation Techn...
 
Outstanding In Redundancy And Security - Korenix Ethernet Switches Brochure ...
Outstanding In Redundancy And Security - Korenix Ethernet Switches Brochure ...Outstanding In Redundancy And Security - Korenix Ethernet Switches Brochure ...
Outstanding In Redundancy And Security - Korenix Ethernet Switches Brochure ...
 
Power Distribution Feeder Automation - Application Story 2012
Power Distribution Feeder Automation - Application Story 2012Power Distribution Feeder Automation - Application Story 2012
Power Distribution Feeder Automation - Application Story 2012
 
Ensuring Network Reliabilty And Quality For IP Surveillance 2012
Ensuring Network Reliabilty And Quality For IP Surveillance 2012Ensuring Network Reliabilty And Quality For IP Surveillance 2012
Ensuring Network Reliabilty And Quality For IP Surveillance 2012
 
Enhancing Network Quality for Video Transmission 2012
Enhancing Network Quality for Video Transmission 2012Enhancing Network Quality for Video Transmission 2012
Enhancing Network Quality for Video Transmission 2012
 
Beijer Korenix Connected - Beijer Sales Kit 2019
Beijer Korenix Connected - Beijer Sales Kit 2019Beijer Korenix Connected - Beijer Sales Kit 2019
Beijer Korenix Connected - Beijer Sales Kit 2019
 
Defend Your DHCP Infrastructure Against Cyber Attacks - Network Security Feat...
Defend Your DHCP Infrastructure Against Cyber Attacks - Network Security Feat...Defend Your DHCP Infrastructure Against Cyber Attacks - Network Security Feat...
Defend Your DHCP Infrastructure Against Cyber Attacks - Network Security Feat...
 
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
 
Essential Protection for The Fundamental of IP Networking - Cybersecurity Tra...
Essential Protection for The Fundamental of IP Networking - Cybersecurity Tra...Essential Protection for The Fundamental of IP Networking - Cybersecurity Tra...
Essential Protection for The Fundamental of IP Networking - Cybersecurity Tra...
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
 
Protect The Fundamental of IP Networking - Network Security Features 2019
Protect The Fundamental of IP Networking - Network Security Features 2019Protect The Fundamental of IP Networking - Network Security Features 2019
Protect The Fundamental of IP Networking - Network Security Features 2019
 
Levels Up Your Redundant Network By ERPS - Redundant Technology 2019
Levels Up Your Redundant Network By ERPS - Redundant Technology 2019Levels Up Your Redundant Network By ERPS - Redundant Technology 2019
Levels Up Your Redundant Network By ERPS - Redundant Technology 2019
 
Broadcast Storm - The Root Causes And The Solutions - Whitepaper 2012
Broadcast Storm - The Root Causes And The Solutions - Whitepaper 2012Broadcast Storm - The Root Causes And The Solutions - Whitepaper 2012
Broadcast Storm - The Root Causes And The Solutions - Whitepaper 2012
 
Wireless AP and Antenna Quick Selection Guide 2013
Wireless AP and Antenna Quick Selection Guide 2013Wireless AP and Antenna Quick Selection Guide 2013
Wireless AP and Antenna Quick Selection Guide 2013
 
Making Your Heavy Chores Easy - Industrial PoE Handbook 2008
Making Your Heavy Chores Easy - Industrial PoE Handbook 2008Making Your Heavy Chores Easy - Industrial PoE Handbook 2008
Making Your Heavy Chores Easy - Industrial PoE Handbook 2008
 
Get Inspired By Beijer's Wireless Solution - Wireless Brochure 2016
Get Inspired By Beijer's Wireless Solution - Wireless Brochure 2016Get Inspired By Beijer's Wireless Solution - Wireless Brochure 2016
Get Inspired By Beijer's Wireless Solution - Wireless Brochure 2016
 
Flying You From Wired To Wireless - Product Brochure 2013
Flying You From Wired To Wireless - Product Brochure 2013Flying You From Wired To Wireless - Product Brochure 2013
Flying You From Wired To Wireless - Product Brochure 2013
 

Recently uploaded

Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 

Recently uploaded (20)

Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 

Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training (1) 2019

  • 1. Protect Your DHCP Infrastructure from Cyberattacks JJ Sun PSM
  • 2. Agenda • IEC62443 IACS standard • Scope and why • DHCP protocol and how it works • DHCP’s Vulnerabilities • Types of Cyberattacks to DHCP • Defense by network security – DHCP Snooping • Korenix products with advanced security features
  • 5. Dynamic Host Configuration Protocol PLC I/O Drive Sensor HMI IPCAdmin station Camera Reader DHCP Server
  • 6. DHCP Architecture DHCP Client (MAC bbb.bbb.bbb) DHCP Client (MAC ccc.ccc.ccc) DHCP Server DHCP Client (MAC aaa.aaa.aaa) IP Address Pool / Binding Table 192.168.10.1 aaa.aaa.aaa 192.168.10.2 bbb.bbb.bbb 192.168.10.3 (available) … 192.168.10.100 (available) Policy IP Subnet mask Gateway DNS
  • 7. DHCP Client (MAC aaa.aaa.aaa)DHCP Server DHCP Transaction DISCOVER (Broadcast) I am MAC aaa.aaa.aaa. Please assign network configuration for me. REQUEST (Broadcast) Yes, please lease it to me. OFFER (Broadcast) I’m the DHCP server and how about this IP address for you? ACK (Unicast) Done, you can use the IP address now.
  • 8. Vulnerabilities and Attacks • DHCP spoofing from client • DHCP spoofing from server • DHCP starvation and DoS • Man-In-The-Middle or Hijacking • Broadcasting • No authentication • No validation
  • 9. Malicious Client (MAC ccc.ccc.ccc)DHCP Server OFFER How about this IP address? ACK Done, you can use it now. DISCOVER I am MAC aaa.aaa.aaa. Please assign IP and network configuration for me. REQUEST Yes, please lease it to me. Spoofing From Malicious Client
  • 10. DHCP Client (MAC ccc.ccc.ccc)DHCP Server DISCOVER I am MAC aaa.aaa.aaa. please assign IP and network configuration for me. …DISCOVER I am MAC bbb.bbb.bbb. please assign IP and network configuration for me. … DISCOVER I am MAC zzz.zzz.zzz. please assign IP and network configuration for me. … DHCP Starvation
  • 11. Malicious Client (MAC ccc.ccc.ccc)DHCP Server DISCOVER I am MAC ccc.ccc.ccc. please assign IP and network configuration for me. …DISCOVER I am MAC ccc.ccc.ccc. please assign IP and network configuration for me. … DISCOVER I am MAC ccc.ccc.ccc. please assign IP and network configuration for me. … Denial Of Service
  • 12. DHCP ClientDHCP Server DISCOVER The OFFER from the rogue DHCP server arrives client before the one from legitimate DHCP server. The transcation is scrambled and the network configuration goes wrong. OFFER Rogue DHCP Server Spoofing From Rogue Server
  • 13. More Than DHCP Attacks DHCP Client DHCP Server DHCP Client Rogue DHCP Server Gateway IP address Gateway DNS
  • 14. Defense By Network Security Goal: • Avoid invalid DHCP messages coming into the network • Make sure that network configurations are given from the trusted DHCP server DHCP Client DHCP Server DHCP Client Rogue DHCP Server Malicious DHCP Client
  • 15. DHCP Snooping • A network security technology protects DHCP infrastructure against malicious DHCP sources, either from clients or servers, and to block fake DHCP messages • Network (LAN) switches with this feature snoop DHCP messages to ensure the incoming DHCP messages are valid, it also helps to ensure network configuration are given from the trusted DHCP server • More importantly, beyond guarding DHCP infrastructure, DHCP snooping generates an table including information about a trusted network, which can be further used by other security features
  • 16. How DHCP Snooping Works DHCP Client DHCP Server DHCP Client DHCP Client TRUSTED ? ? ?UNTRUSTED
  • 17. DHCP Client (MAC ccc.ccc.ccc)DHCP Server I am MAC aaa.aaa.aaa. please assign an IP for me. I am MAC ccc.ccc.ccc. please assign an IP for me. Switch Validate Messages DISCOVER I am a server and here is the IP for you. DISCOVER OFFER ?
  • 18. Rogue DHCP Server Fix On Trusted Sources DHCP Client DHCP Server DHCP Client Rogue DHCP Server DHCP Client ? ? ? Rogue DHCP Server
  • 19. JetNet with DHCP Snooping Din-Rail switches Layer 2 • JetNet 5612G • JetNet 5620G Rackmount switches Layer 2 • JetNet 5428G • JetNet 6528G • JetNet 6628G • JetNet 6628X Layer 3 • JetNet 7014G • JetNet 7020G Layer 3 • JetNet 6828G • JetNet 7628X
  • 20. JetPoE with DHCP Snooping Din-Rail switches Layer 2 • JetNet 5612GP • JetNet 5620GP Rackmount switches Layer 2 • JetNet 5728G-16P • JetNet 5728G-24P • JetNet 6628XP Layer 3 • JetNet 7310G • JetNet 7714G Layer 3 • JetNet 6728G-16P • JetNet 6728G-24P • JetNet 7628XP
  • 22. Statistics and Binding Table Address Binding Table Snooping Statistics
  • 23. Summary • DHCP infrastructure is insecure by nature. It is crucial and strongly recommended to apply security protection if DHCP is used in an industrial network • Network switches play an important role to protect an DHCP infrastructure. DHCP snooping should be enabled to against different type of spoofing attacks, either from rogue DHCP servers or malicious clients • Addressing IEC62443 the security standard, Korenix has implemented DHCP snooping on both its din-rail switches or rackmount switches, which fit for different level of networks for mission-critical industrial applications
  • 24. To Be Continued • Korenix Network Security Webinar – Part 2 MAC IP DHCP APPLICATION