Any Security Benifit to this statement?

[thepilo]

I have a certain Configuration that is in my firewall. I was told that is was for security reasons, but I think that it is conflicting with our internal Microsoft DHCP server.

Please let me know what you think

dhcpd address 10.1.100.200-10.1.100.220 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
dhcprelay server 10.1.100.64 inside
dhcprelay server 10.1.100.53 inside

is there any benefit to these statements for security reasons? (There are no DNS servers listed in this either)

thanks in advance.

 

[mbilgrav]

well - it is allways a good idea, to spread the DHCP load around on two or more servers, you know, for redundancy etc.
Also having seperate OS's for this, so if one OS goes down for some new unknown worm's reason, the other OS still run... 8) (Though no bandwidth might be available)
So a PIX-OS as fall-back DHCP could be fairly good idea...
(Why didnt I think of this ?)

 

[thepilo]

Besides Redundancy, Is there any security benefit, Stoping hackers, things of that sort?

 

[tbissett]

There is no security benefit in those commands. If anything, you are slightly detracting from your security by allowing DHCP relaying through your firewall with the dhcprelay commands.