Extra Credit 2: Assigning DHCP Leases

As was mentioned at the start of the article, a computer network will assign a network address to a specific computer through a Dynamic Host Configuration Protocol (DHCP) server. These are called leases because they are designed to be dynamically assigned for a period of time. The same computer may get a different IP address each time it connects to the network.

DHCP Assigned Lease

It is possible to statically assign a specific network address to a specific device every time. This is great if we want to define a rule that, say, allows only that device to access a specific resource on the Internet. This fine-grained access control is possible because we know that the specific device will always be assigned a specific network address, so that network address can be used in the firewall rules.

We can also turn off access to the network for specific devices through similar rules. If a device is suspected of being compromised by malware, for example, a simple rule can exclude it from any network access, effectively isolating it while remediation steps are taken.
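The following sketch is an added example, not part of the original article: it takes a table of static reservations, checks that the table can safely back address-based rules, generates the allow and isolation rules described above, and audits observed MAC/IP pairs against the reservations. The MAC addresses, IP addresses, pool range, resource and the nftables-style rule syntax are all assumptions chosen for illustration; adapt the output to whatever firewall the network uses.

```python
import ipaddress

# Constructed sample data (not from the article): MAC -> reserved IP.
RESERVATIONS = {
    "aa:bb:cc:00:00:01": "192.168.1.50",  # only device allowed to reach the resource
    "aa:bb:cc:00:00:02": "192.168.1.60",  # IoT camera
    "aa:bb:cc:00:00:03": "192.168.1.61",  # device suspected of compromise
}
DYNAMIC_POOL = ("192.168.1.100", "192.168.1.199")  # assumed dynamic lease range
RESOURCE = ("203.0.113.10", 443)                   # documentation-range placeholder


def check_reservations(reservations, pool):
    """Flag reservations that would make address-based rules unreliable."""
    low, high = (ipaddress.ip_address(p) for p in pool)
    problems, seen = [], {}
    for mac, ip in reservations.items():
        if low <= ipaddress.ip_address(ip) <= high:
            problems.append(f"{ip} ({mac}) lies inside the dynamic pool")
        if ip in seen:
            problems.append(f"{ip} reserved for both {seen[ip]} and {mac}")
        seen[ip] = mac
    return problems


def build_rules(reservations, allowed_mac, quarantined_macs, resource):
    """Return nftables-style rule bodies for a forward chain, in match order."""
    dst, port = resource
    # Isolation rules come first so a quarantined device never reaches an accept.
    rules = [f"ip saddr {reservations[m]} drop" for m in sorted(quarantined_macs)]
    rules.append(f"ip saddr {reservations[allowed_mac]} ip daddr {dst} tcp dport {port} accept")
    rules.append(f"ip daddr {dst} tcp dport {port} drop")  # everyone else is denied
    return rules


def audit_bindings(reservations, observed):
    """Compare observed (mac, ip) pairs against reservations; report mismatches."""
    owner = {ip: mac for mac, ip in reservations.items()}
    return [(mac, ip) for mac, ip in observed
            if (ip in owner and owner[ip] != mac)
            or (mac in reservations and reservations[mac] != ip)]


if __name__ == "__main__":
    for line in build_rules(RESERVATIONS, "aa:bb:cc:00:00:01", {"aa:bb:cc:00:00:03"}, RESOURCE):
        print(line)
```

The audit step matters because the firewall matches on the address, not the device: a rule is only as reliable as the MAC-to-address binding behind it, so any mismatch it reports should be investigated before trusting the rules.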

As IoT devices become more prevalent, being able to limit and control their access to network and internet resources is crucial, as these devices are typically too limited in power to protect themselves. A well-defined set of firewall rules and configurations can protect the devices from outside threats, as well as prevent the devices from being used for malicious and nefarious purposes.