What's new

DHCP fixed IP on IoT devices as additional security measurement

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

brightwolf

New Around Here
I have isolated all my IoT devices on a separate wired guest network and on a separate wireless guest network. DHCP is turned on for those guest networks. Does it make sense to now, as an additional security measurement, log in to each IoT device and make its IP static and to set to the IP it received from the DHCP server? I am thinking that would prevent the IoT devices to come back online after an unwanted router factory reset. Because after a factory reset, both the wired and wireless guest networks would not receive the same subnet but will get a different one (I tested this). Since the IoT now has a static address in a different subnet, it will not be able to connect.

Does this make sense? I am asking since my router is not locked away. If my teenage kids decide to circumvent the router security by factory resetting it when I am on holidays, then at least the IoT devices will not be exposed to the internet or to my other devices.
 
DHCP does make it easier to network the devices. Using DHCP you probably need to make a paper list of IPs to devices. Using reservations does make it easer to track online without making paper lists. If you hard code IP addresses outside of your DHCP scope then you can reset your router and the devices will still work without setting them up again providing you keep with the same network. Using reservations and resetting the router is the only setup which will need to be done again if you reset the router.
 
Its better to have controlled DHCP rather than fixed IP, the reason is that the device may not obey everything. So having the router control everything is better from DHCP To NTP even DNS as well by hijacking and redirecting packets as necessary, same can be done to prevent WAN access for your devices.
 
If you use fixed IPs you will need to supply DNS as well as the IP address. Security wise there is no difference other than you need to manually supply all information that DHCP would have supplied. Your devices still have to pass through the router for internet access so your router is your security. Your router needs to be setup with a network mask big enough to support the fixed IP addresses. This is usually not a problem as the router's are setup using a Class C network mask and the DHCP scope is smaller than a full Class C.
 
If you use fixed IPs you will need to supply DNS as well as the IP address. Security wise there is no difference other than you need to manually supply all information that DHCP would have supplied. Your devices still have to pass through the router for internet access so your router is your security. Your router needs to be setup with a network mask big enough to support the fixed IP addresses. This is usually not a problem as the router's are setup using a Class C network mask and the DHCP scope is smaller than a full Class C.
Use a 6to4 tunnel for WAN and have 0.0.0.0/0 as your LAN :p
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top