
DHCP fixed IP on IoT devices as additional security measurement

Discussion in 'General Network Security' started by brightwolf, Jan 23, 2019.

  1. brightwolf

    brightwolf New Around Here

    Joined:
    Jan 23, 2019
    Messages:
    1
    I have isolated all my IoT devices on a separate wired guest network and on a separate wireless guest network. DHCP is turned on for those guest networks. Does it make sense to now, as an additional security measurement, log in to each IoT device and make its IP static and set it to the IP it received from the DHCP server? I am thinking that would prevent the IoT devices from coming back online after an unwanted router factory reset. Because after a factory reset, both the wired and wireless guest networks would not receive the same subnet but will get a different one (I tested this). Since the IoT device now has a static address in a different subnet, it will not be able to connect.

    Does this make sense? I am asking since my router is not locked away. If my teenage kids decide to circumvent the router security by factory resetting it when I am on holidays, then at least the IoT devices will not be exposed to the internet or to my other devices.
     
  2. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    2,590
    Location:
    texas
    DHCP does make it easier to network the devices. Using DHCP, you probably need to make a paper list of IPs to devices. Using reservations does make it easier to track online without making paper lists. If you hard-code IP addresses outside of your DHCP scope, then you can reset your router and the devices will still work without setting them up again, providing you keep with the same network. Using reservations and resetting the router is the only setup which will need to be done again if you reset the router.
     
  3. System Error Message

    System Error Message Part of the Furniture

    Joined:
    Oct 14, 2014
    Messages:
    4,076
    It's better to have controlled DHCP rather than fixed IP; the reason is that the device may not obey everything. So having the router control everything is better, from DHCP to NTP, even DNS as well, by hijacking and redirecting packets as necessary. The same can be done to prevent WAN access for your devices.
     
  4. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    2,590
    Location:
    texas
    If you use fixed IPs you will need to supply DNS as well as the IP address. Security-wise there is no difference other than you need to manually supply all information that DHCP would have supplied. Your devices still have to pass through the router for internet access, so your router is your security. Your router needs to be set up with a network mask big enough to support the fixed IP addresses. This is usually not a problem, as routers are set up using a Class C network mask and the DHCP scope is smaller than a full Class C.
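
The addressing cases discussed in the posts above (a static address inside or outside the DHCP scope, and a guest subnet that changes after a factory reset), as an added example that is not part of any post in this thread. All subnets, pool ranges and device names are constructed assumptions:

```python
import ipaddress

# Constructed sample values (not from the thread): guest LAN before and after
# a factory reset, the router's DHCP pool, and two statically configured devices.
LAN_BEFORE = ("192.168.101.0/24", "192.168.101.100", "192.168.101.199")
LAN_AFTER = ("192.168.102.0/24", "192.168.102.100", "192.168.102.199")
STATIC_DEVICES = {
    # name: (static address, configured gateway)
    "camera": ("192.168.101.50", "192.168.101.1"),   # chosen outside the pool
    "plug": ("192.168.101.120", "192.168.101.1"),    # copied from its old lease
}

def classify_static_hosts(lan, devices):
    """Return {name: status} for each static device on the given LAN.

    ok         - inside the subnet and outside the DHCP pool
    in-pool    - inside the pool, so the server may lease the same address
    reserved   - the subnet's network or broadcast address
    off-subnet - address or gateway outside the subnet; no path to the router
    """
    cidr, pool_start, pool_end = lan
    net = ipaddress.ip_network(cidr)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    status = {}
    for name, (addr, gateway) in devices.items():
        ip, gw = ipaddress.ip_address(addr), ipaddress.ip_address(gateway)
        if ip not in net or gw not in net:
            status[name] = "off-subnet"
        elif ip in (net.network_address, net.broadcast_address):
            status[name] = "reserved"
        elif lo <= ip <= hi:
            status[name] = "in-pool"
        else:
            status[name] = "ok"
    return status

if __name__ == "__main__":
    for label, lan in (("before reset", LAN_BEFORE), ("after reset", LAN_AFTER)):
        print(label, classify_static_hosts(lan, STATIC_DEVICES))
```

The check covers IP addressing only; it does not model a device that falls back to DHCP or that is reconfigured after the reset.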
     
  5. System Error Message

    System Error Message Part of the Furniture

    Joined:
    Oct 14, 2014
    Messages:
    4,076
    Use a 6to4 tunnel for WAN and have 0.0.0.0/0 as your LAN :p
     
  6. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    2,590
    Location:
    texas
    Why?
     
  7. System Error Message

    System Error Message Part of the Furniture

    Joined:
    Oct 14, 2014
    Messages:
    4,076
    For fun :p . You know when you're a network geek and do something for no particular reason? Besides, that also means hardcoded malware will have issues too.