Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
option a: have a system on a network configured with a static ip address.
option b: that system on the network is configured as dynamic ip to be retrieved via dhcp.
is the following true:
(a) is better because since i know what the ip address is because it is static and because I set it, then i should always be able to get to that ip address knowing that it is my system and not some other system. Where as option b the system can have any arbitrary ip address that is not controlled by me but by a dhcp server and the system name is registered with DNS on the network - all done by someone else, therefore that is a potential security risk from my point of view? for example, with option b if my system name is pigeon and i do "ssh pigeon", then i am relying on dns being correct in sending me to my system and not some other system which is a potential risk? i'm looking at this from a security point of view, and not a network management/logistic point of view.
and with ssh i know you have keys and that would be an immediate red flag, but disregard ssh keys or assume some other remote log on method.
If you don't trust the network, then neither are secure. Somebody could easily unplug the network cable from your box (or pull the power plug) and plug in another box with the same static IP.
The main difference is that option a is more reliable. If the DHCP server goes down, nothing changes on option a, while the entire network shuts down on option b. On the flip side, option b is easier to maintain, since switching subnets, for example, simply requires changing the DHCP address range on the DHCP server, instead of manually changing the static IP on every single box on the network.
Any connection is a security issue. It is possible that some fault lies in software that can be taken advantage of in dhcp I guess so from a very remote stance, a static may be slightly more secure. However from an IP tcp/ip point of view that is not the reason your data is being hacked or threatened.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.